Browser File Encryption

As of 2025-08-01, the default browser file encryption software is based on hat.sh.

hat482×617 12.3 KB

hat.sh supports BOTH passwords or keys, but the use of password is discouraged.

2.1. Encryption

A file can be encrypted with either Password or Keys.

2.1.1. Encrypt with Shared Password

1. Navigate to the Encryption panel.
2. Drag & Drop or Select the files that you wish to encrypt.
3. Enter a password or generate one.
4. Download the encrypted file.

2.1.2. Encrypt with their Public Key and your Private Key

1. Navigate to the Encryption panel.
2. Drag & Drop or Select the files that you wish to encrypt.
3. Choose public key method.
4. Enter or load recipient's public key and your private key. if you don't have public and private keys you can generate a key pair.
5. Download the encrypted file.
6. Share your public key with the recipient so he will be able to decrypt the file.

2.2. Decryption

A file can be decrypted with either Password or Keys.

2.2.1. Decrypt with Shared Password

1. Navigate to the Decryption panel.
2. Drag & Drop or Select the files that you wish to decrypt.
3. Enter the encryption password.
4. Download the decrypted file.

2.2.2. Decrypt with their Public and your Private Key

1. Navigate to the Decryption panel.
2. Drag & Drop or Select the files that you wish to decrypt.
3. Enter or load sender's public key and your private key.
4. Download the decrypted file.

3. Technical Information

Hat.sh Release History

Hat.sh uses the same NaCl technology as us in Dynamic Alias (they use the libsodium library) so there is a good understanding of the way Hat.sh performs encryption.

1. X25519 - for key exchange.
2. XChaCha20-Poly1305 - for symmetric encryption.
3. Argon2id - for password-based key derivation.

Forks

There are many forks of the original hat.sh:

• Network Graph · sh-dv/hat.sh · GitHub
• GitHub - mrtechtroid/hatsmith: Encrypt and Decrypt files securely in your browser.

As of 2025-08-05 this fork is the most active: