What is zero-knowledge encryption?

Zero-knowledge encryption is a security architecture where the service that stores your data has zero knowledge of what that data contains. The encryption and decryption happen entirely on your devices. The server never receives the encryption key or the unencrypted content.

How Zero-Knowledge Works on EasySend

1. You set a password when uploading with encryption enabled
2. Your browser derives an encryption key from the password using PBKDF2 with 100,000 iterations and a random salt
3. Files are encrypted in your browser using AES-256-GCM
4. Only encrypted data is uploaded to the server
5. When downloading, the recipient enters the password in their browser and the file is decrypted locally

At no point does the server see the password, the encryption key or the unencrypted file. This is what makes it zero-knowledge.

Why Zero-Knowledge Matters

Most file sharing services like Google Drive and Dropbox encrypt your files at rest, but they hold the encryption keys. This means their employees, government subpoenas or hackers who breach their infrastructure can access your files. With zero-knowledge encryption, a server breach exposes only encrypted ciphertext that is computationally impossible to decrypt without the password.

Zero-Knowledge vs Regular Encryption

• HTTPS (transport encryption) - protects data in transit but the server receives unencrypted files
• Server-side encryption at rest - server encrypts files on disk but holds the keys and can decrypt them
• Zero-knowledge (E2E) - encryption happens on your device, server never has the key, nobody can decrypt without the password

Learn more about how EasySend implements this at encryption explained.