ByteSeal — offline file encryption

A small, browser-based tool for encrypting files locally without relying on servers, accounts, or cloud storage.

Project created: Dec. 2025 | Last updated: Jan 2026

ByteSeal is a browser-based tool for encrypting files locally. Encryption and decryption happen entirely on the user’s device, with no uploads or server involvement.

Files are packaged into self-contained encrypted containers using password-derived keys. ByteSeal is intentionally limited in scope and focuses on correctness, transparency, and local control.

Overview

Problem

Many encryption workflows depend on native applications, opaque binaries, or cloud-backed services. I wanted a transparent, browser-native approach that works offline and keeps data entirely local.

Approach

A single-page web application that derives encryption keys from a user-provided password and outputs a portable, self-describing encrypted container.

Core stack

Web Crypto API · AES-GCM · PBKDF2 · Vanilla JavaScript · HTML/CSS

Architecture

ByteSeal follows a simple, linear flow: file ingestion, metadata preparation, encryption, and container assembly. Decryption performs validation, authentication, and restoration in reverse.

File input: Reads file bytes and captures minimal metadata (filename and MIME type).
Key derivation: Derives an encryption key from the user password using PBKDF2 and a random salt.
Encryption: Encrypts metadata and file contents together using authenticated encryption.
Container format: Prepends a small plaintext header containing magic bytes, version, salt, and IV.
Restoration: Validates the container, decrypts the payload, and reconstructs the original file.

Key characteristics

Offline by design

Runs without network access once loaded. Files never leave the device.

Authenticated encryption

Detects incorrect passwords and tampering during decryption.

Self-contained containers

Each encrypted file contains all information required for restoration.

No external dependencies

Uses browser-native APIs only. No third-party libraries or build steps.

Minimal attack surface

No backend services, no storage, no cookies, and no persistent state.

Screenshots

Sample code snippet

Example showing how randomness is generated before encryption:

// Generate randomness for each encryption
const salt = crypto.getRandomValues(new Uint8Array(16));
const iv   = crypto.getRandomValues(new Uint8Array(12));

// Derive key from password
const key = await deriveKey(password, salt);

Possible future changes

Password strength feedback
Improved handling of very large files
Multi-file containers
Container format evolution
Optional metadata reduction

Links

GitHub: github.com/grayguava/byteseal

GitHub: byteseal.pages.dev