Verify Zero-Knowledge Encryption

See for yourself how FileShot encrypts files in your browser. This page demonstrates the encryption process step-by-step, proving that we never see your encryption key or unencrypted file contents.

Step 1: Choose a Test File

Select any file to encrypt. This happens entirely in your browser — we never see the file.

Click or drag a file here

Step 2: Generate Encryption Key Generated Locally

Your browser generates a random encryption key. This key never leaves your device.

Generating encryption key...

Important: This key is generated using crypto.getRandomValues() in your browser. FileShot's servers never see this key.

Step 3: Encrypt File in Browser Encrypted Locally

Your file is encrypted using AES-256-GCM encryption before it's uploaded.

Original file (readable):

Encrypted data (gibberish - this is what we receive):

Encrypting...

Proof: The encrypted data is completely unreadable. Even if FileShot wanted to read your file, the data is encrypted and we don't have the key.

Step 4: What FileShot Receives

When you upload a file with zero-knowledge encryption enabled, FileShot's servers receive:

Encrypted blob: Unreadable encrypted data (shown above)
File metadata: Original filename, size, type (for display purposes only)
Expiration settings: When the file should be deleted

What we DON'T receive:

×Your encryption password
×The encryption key
×Any way to decrypt the file
×The readable file contents

Step 5: Verify You Can Decrypt

Enter your password to decrypt the file and verify it matches the original:

Verification Complete

What this proves:

Encryption happens in your browser, not on our servers
The encryption key never leaves your device
We only receive encrypted, unreadable data
Files cannot be decrypted without your password
You maintain complete control over your data

Want to verify the code yourself? View our open-source encryption code on GitHub

How to Verify in Browser DevTools

For technical users, you can verify the encryption yourself:

Open Browser DevTools (F12)
Go to the "Network" tab
Upload a file with zero-knowledge encryption
Find the upload request to /api/files/upload
Check the request payload - you'll see encrypted data, not readable file contents
Check the JavaScript console - you'll see encryption happening locally

The encryption code is in zero-knowledge.js — you can view it in DevTools › Sources.

Why Verify Encryption?

Encryption verification allows you to independently confirm that your files are properly encrypted before and during transit. FileShot's verification tool checks the encryption envelope, validates the cipher suite used, confirms key derivation parameters, and ensures the encrypted payload has not been tampered with. This transparency is essential for security-conscious users, compliance officers, and organizations that need cryptographic proof that their data protection measures are working as intended.

Verification Process

The verification process examines the encrypted file without decrypting its contents. It confirms that AES-256 encryption was applied correctly, that the initialization vector is unique and properly generated, and that the HMAC authentication tag is valid. This allows recipients to verify encryption integrity without needing access to the decryption key. The verification report includes detailed technical information about the encryption parameters, making it suitable for inclusion in security audits and compliance documentation.