ByteSeal — offline file encryption
A small, browser-based tool for encrypting files locally without relying on servers, accounts, or cloud storage.
Project created: Dec. 2025 | Last updated: Jan 2026
ByteSeal is a browser-based tool for encrypting files locally. Encryption and decryption happen entirely on the user’s device, with no uploads or server involvement.
Files are packaged into self-contained encrypted containers using password-derived keys. ByteSeal is intentionally limited in scope and focuses on correctness, transparency, and local control.
Overview
Problem
Many encryption workflows depend on native applications, opaque binaries, or cloud-backed services. I wanted a transparent, browser-native approach that works offline and keeps data entirely local.
Approach
A single-page web application that derives encryption keys from a user-provided password and outputs a portable, self-describing encrypted container.
Core stack
Web Crypto API · AES-GCM · PBKDF2 · Vanilla JavaScript · HTML/CSS
Architecture
ByteSeal follows a simple, linear flow: file ingestion, metadata preparation, encryption, and container assembly. Decryption performs validation, authentication, and restoration in reverse.
- File input: Reads file bytes and captures minimal metadata (filename and MIME type).
- Key derivation: Derives an encryption key from the user password using PBKDF2 and a random salt.
- Encryption: Encrypts metadata and file contents together using authenticated encryption.
- Container format: Prepends a small plaintext header containing magic bytes, version, salt, and IV.
- Restoration: Validates the container, decrypts the payload, and reconstructs the original file.
Key characteristics
Offline by design
Runs without network access once loaded. Files never leave the device.
Authenticated encryption
Detects incorrect passwords and tampering during decryption.
Self-contained containers
Each encrypted file contains all information required for restoration.
No external dependencies
Uses browser-native APIs only. No third-party libraries or build steps.
Minimal attack surface
No backend services, no storage, no cookies, and no persistent state.
Screenshots
Sample code snippet
Example showing how randomness is generated before encryption:
// Generate randomness for each encryption const salt = crypto.getRandomValues(new Uint8Array(16)); const iv = crypto.getRandomValues(new Uint8Array(12)); // Derive key from password const key = await deriveKey(password, salt);
Possible future changes
- Password strength feedback
- Improved handling of very large files
- Multi-file containers
- Container format evolution
- Optional metadata reduction
Links
GitHub: github.com/grayguava/byteseal
GitHub: byteseal.pages.dev