Text
File
Input
Output
Encryption Key
Technical Specifications
Encryption Specifications
SecureCrypt implements industry-standard cryptographic protocols:
- AES-256-GCM - 256-bit key size with Galois/Counter Mode (NIST approved)
- Key Generation - 32-byte (256-bit) cryptographically secure random keys
- Initialization Vector - 12-byte random IV per encryption
- Authentication - 128-bit GCM authentication tags
- Key Wrapping - PBKDF2 with SHA-256 for passphrase strengthening
Key Derivation Details
When using a passphrase instead of a random key:
- PBKDF2-HMAC-SHA256 - Password-Based Key Derivation Function 2
- Iterations - 600,000 (NIST recommended minimum)
- Salt - 16-byte cryptographically random per derivation
- Output - 32-byte derived key material
Data Container Format
All encrypted data follows the ENCv1 specification:
{
"v": 1, // Format version
"alg": "AES-GCM", // Encryption algorithm
"kdf": { // Key derivation params
"name": "PBKDF2",
"hash": "SHA-256",
"iters": 600000,
"salt_b64": "••••••••••••" // Random salt
},
"iv_b64": "••••••••••••", // Initialization vector
"keyType": "passphrase", // Key source
"created": "2025-09-06T00:00:00Z",
"type": "text", // Content type
"orig": { // Original file info (if applicable)
"name": "document.pdf",
"mime": "application/pdf",
"size": 123456
}
}
Security Considerations
- All operations occur locally in your browser
- No data is ever transmitted over the network
- Keys and plaintext are never stored on disk
- Protects against offline attacks but not compromised devices