How to Password-Protect a File in Your Browser

Sometimes you need to send or store a file that only the right person should be able to open — a contract, an export of personal data, a backup. Encrypting it with a passphrase means that even if the file is intercepted or leaks, its contents stay unreadable. Here is how to do it safely, without uploading anything.

The tool

File Encryptor

Open File Encryptor

Step by step

  1. Open the File EncryptorGo to the tool and keep it on the Encrypt tab. It runs entirely in your browser, so nothing is uploaded.
  2. Choose your fileDrop the file in, or click to browse. Any file type works, up to 512 MB.
  3. Set a strong passphraseEnter a passphrase you will remember — longer is stronger. Write it down somewhere safe: if you lose it, the file cannot be recovered.
  4. Encrypt and downloadClick Encrypt file and download the resulting .kitenc file. Share or store that file; it is useless to anyone without the passphrase.
  5. Decrypt laterTo open it again, switch to the Decrypt tab on any device, choose the .kitenc file, and enter the same passphrase to get the original file back.

Why encrypt in your browser instead of uploading

The whole point of encryption is that no one but you and your intended recipient can read the file. Uploading it to a website to “encrypt” it means trusting that site’s server with the very data you are trying to protect.

This tool encrypts and decrypts locally with your browser’s built-in Web Crypto API. The file and your passphrase never leave your device, so there is nothing to intercept and no server to trust.

What “AES-256” actually means here

Your passphrase is not used directly as the key. It is stretched into a 256-bit key with PBKDF2 — 600,000 rounds of SHA-256 (the current OWASP recommendation) with a random salt — which makes guessing passphrases slow and defeats precomputed tables. That key then drives AES-GCM, a widely trusted cipher that both encrypts the data and detects tampering.

In practice that means a strong passphrase gives you serious protection, and a modified or corrupted encrypted file is caught on decryption rather than quietly producing garbage.

Choosing a good passphrase

Length beats complexity: a passphrase of several unrelated words is both easier to remember and harder to crack than a short string of symbols. Do not reuse a password you use elsewhere, and store it in a password manager or another safe place.

Because there is no backdoor and no reset, a forgotten passphrase means the file is gone for good. That is a feature, not a bug — but it puts the responsibility on you to keep the passphrase safe.

When to use a dedicated tool instead

This is ideal for protecting individual files before you email, upload, or back them up. For encrypting an entire drive, managing many files with shared access, or long-term archival where you need audited, standardized formats, use a purpose-built disk- or archive-encryption tool designed for that job.

Frequently asked questions

Is my file or passphrase uploaded?

No. Everything is encrypted and decrypted locally with the Web Crypto API, so neither the file nor your passphrase leaves your device.

What if I forget the passphrase?

The file cannot be recovered — there is no reset or backdoor. Store your passphrase somewhere safe, such as a password manager.

Can the recipient open it without special software?

They open it the same way you made it: on any device, in this tool, using the Decrypt tab and the passphrase you share with them separately.

All guides