EncryptedSend: send a secret that self-destructs
Share passwords, keys, private notes, and files through a one-time,
end-to-end encrypted link. Everything is encrypted locally in your
browser and decrypted locally in your recipient's browser; the link is
readable once, then it's gone. The server only ever sees unreadable
ciphertext.
- End-to-end encrypted on your device (OpenPGP / AES-256-GCM)
- The decryption key never reaches the server
- Burns after reading · no accounts · no tracking
How it works
Enter a message or attach a file, set when it expires and how many
times it can be opened, and share the encrypted link through your usual
channel. The recipient opens a one-time reveal screen, it decrypts in
their browser, and the secret is permanently destroyed on the server
once read. You can also create a request link that lets someone send
you a secret. The keypair is generated in your browser and the
private half never leaves it.
Why it's safe to trust
EncryptedSend is zero-knowledge by design. Even the operator can't read what you send.
-
Encrypted in your browser: encryption and
decryption happen entirely on your device using OpenPGP
(AES-256-GCM). Plaintext never leaves your computer.
-
The key never touches the server: your decryption
key lives in the link fragment (after the “#”), which browsers never
transmit.
-
Burn after reading: secrets self-destruct after
they're opened, or after the view limit and expiry you set.
-
Only ciphertext is stored: a breach of storage
would reveal nothing but scrambled bytes.
-
No accounts, no tracking: nothing to sign up for,
no personal information collected to share a secret.
-
Open, auditable crypto: built on battle-tested
open-source cryptography, not a homegrown scheme.
Questions
- Can you read my secret?
-
No. It's encrypted in your browser before it's sent, and the
decryption key travels in the link fragment, which is never
transmitted. The server only ever receives and stores ciphertext.
- How does the encryption work?
-
Your secret is encrypted in your browser with OpenPGP (AES-256-GCM),
the same open-source, audited cryptography that protects email and
files worldwide, not a homegrown scheme. It's decrypted only in your
recipient's browser using the matching key. Everywhere in between it
is meaningless ciphertext that no one, including us, can read.
- What happens after it's read?
-
It's permanently deleted from the server the moment it's claimed, or
after the view limit and expiry you chose. There's no archive and no
way to recover it.
- What if the link is intercepted?
-
Because secrets are one-time, if someone opens the link first your
recipient will find it already gone. Tampering is visible. Use a
short expiry and a channel you trust.
- Is the cryptography really trustworthy?
-
It uses OpenPGP with AES-256-GCM (standard, audited, open-source
cryptography) running client-side. Nothing homegrown.
- Could a supercomputer crack one of these links?
-
Not in any meaningful timeframe. Links with our auto-generated key
carry 22 random characters, about 131 bits of entropy. Even an
attacker making a sextillion guesses per second (comparable to the
entire global Bitcoin mining network aimed at your one secret) would
need around 43 billion years on average, more than three times the
age of the universe. For your own key: 15 truly random characters
hold for about 12 million years against a large GPU farm and about
12 years even against a nation-state attacker; 20 random characters
hold for millions of years even against the entire Bitcoin network.
We enforce a 15-character minimum. These figures assume truly random
characters; a guessable phrase falls far faster. And the key
stretching built into the encryption multiplies every number by
another large factor.
- Why do secrets have a maximum lifetime?
-
For security. A secret should not be sent until close to the time
your recipient will actually read it. The odds of anything you send
being intercepted and decrypted are close to zero, but the longer an
encrypted message exists anywhere, the larger the attack surface; a
message that no longer exists cannot be attacked at all. So we cap
how long a secret can live (one week by default) and recommend the
shortest expiry that works for you. And the moment your secret is
read, once or the number of times you chose, it is wiped permanently
from our servers, usually long before its deadline.
- Why is this service free?
-
It began as a tool I built for myself, a private way to send
sensitive files to my clients without any third party being able to
read them. They found it so useful that we opened it up, so friends,
family, colleagues, and clients could all have a genuinely private,
end-to-end encrypted way to send messages and files. Most other
services can technically see your files, because they encrypt on
their servers, and that was never acceptable to me. It's free because
it runs on Cloudflare's infrastructure at almost no cost, and I'd
rather more people have real privacy. I use it myself for the most
sensitive things I send, like passwords, API keys, and trade secrets,
trusting it because everything is protected by open-source AES-256
encryption that's computationally infeasible to crack with today's
technology. The one honest caveat: someday large-scale quantum
computers may challenge today's ciphers, and by then we'll move to
the proven quantum-resistant algorithms built to replace them.