Client-side file encryption using AES-256-GCM and Web Crypto API. Files never leave your device.
- Encrypt & decrypt files entirely in the browser — nothing is uploaded to a server
- AES-256-GCM encryption via the Web Crypto API with PBKDF2 key derivation (100 000 iterations)
- Streaming chunk processing (5 MiB blocks) so large files don't exhaust memory
- Authenticated chunk integrity — per-file ID and block index as AAD prevent chunk-swapping and reordering attacks (inspired by gocryptfs)
- Passphrase generator — cryptographically random 6-word passphrases from the EFF wordlist (~77.5 bits of entropy)
- Password visibility toggle — show/hide the password field for easier entry
- Drag-and-drop file selection with click-to-browse fallback
- Dark mode — automatic light/dark theme support
- Keyboard shortcut — press Enter in the password field to start processing
- PWA-ready — SVG favicon and icons matching app branding
- Next.js 16 (App Router, Turbopack)
- React 19
- Tailwind CSS 4
- TypeScript 5.9
- OpenNext for Cloudflare Pages deployment
bun install
bun devUses the OpenNext adapter for Cloudflare Pages.
bun run deployA pre-built image is published to GHCR on every release:
docker pull ghcr.io/valerius21/seal3d:latest
docker run -p 3000:3000 ghcr.io/valerius21/seal3d:latestOr build locally:
docker build -t seal3d .
docker run -p 3000:3000 seal3dTo use a custom hostname for metadata/SEO (default: seal3d.app):
docker build --build-arg APP_HOSTNAME=my-domain.com -t seal3d .Then open http://localhost:3000.
If you use Seal3D in your research, please cite it:
@software{seal3d,
author = {Mattfeld, Valerius Albert Gongjus and Quentin, Lars},
title = {Seal3D},
version = {0.3.0},
year = {2026},
url = {https://github.com/valerius21/seal3d},
note = {Client-side file encryption using AES-256-GCM and Web Crypto API}
}A CITATION.cff file is also provided for automated citation tools.
Seal3D is released under the MIT License.