Hash Web - Secure File Sharing

ZERO-KNOWLEDGE ENCRYPTION

Client-side encryption. Zero logs. Total privacy.

encryption-suite.ts

1  import { encrypt } from './crypto'
2
3  interface FileConfig {
4    encryption: 'AES-256',
5    access: 'ONE_TIME_ONLY',
6    logging: 'DISABLED',
7    expiry: number
8  }
9
10 export async function shareFile(file: File) {
11   const encrypted = await encrypt(file)
12   const link = generateLink(encrypted)
13
14   // Auto-destruct after first download
15   return { link, status: 'READY' }
16 }

ENCRYPTED

TypeScript

AES-256-GCM

Core Features

Privacy-first architecture built for security

CLIENT-SIDE ENCRYPTION

Files encrypted in browser. Keys never touch servers.

ONE-TIME ACCESS

Links self-destruct after download. No second chances.

ZERO LOGS

No metadata, no records. Privacy by default.

AUTO-DESTRUCT

Configurable expiry. Files vanish without trace.

OPEN SOURCE

Fully auditable. No backdoors. Trust through transparency.

WEB3 READY

Decentralized architecture. Your files, your control.

Encryption Flow

End-to-end encryption process visualized

ORIGINAL FILE

secret_document.pdf

Plain text, human-readable

Status: Unprotected

ENCRYPTED DATA

8a9f7e3d2c1b5a4f6d8e9c0a...

Encrypted with AES-256-GCM

Status: Secured

Security Process

GENERATE KEY

256-bit random

Cryptographically secure random key generation

ENCRYPT FILE

AES-256-GCM

Client-side encryption in browser

SECURE UPLOAD

Encrypted data

Only encrypted data sent to server

SHARE LINK

URL + Key

Secure sharing with unique link

GENERATE KEY

256-bit random

Cryptographically secure random key generation

ENCRYPT FILE

AES-256-GCM

Client-side encryption in browser

SECURE UPLOAD

Encrypted data

Only encrypted data sent to server

SHARE LINK

URL + Key

Secure sharing with unique link

How It Works

Understanding our zero-knowledge architecture

End-to-End Encryption

Click to see the detailed flow

Every note is assigned a randomly generated 256-bit ID and a 256-bit encryption key. The ID is used solely for storing and retrieving the note, while the content is encrypted on the client side using AES-GCM with the generated key.

Only the encrypted data is sent to the server, which stores it entirely in memory without writing anything to disk. Because the server never receives the encryption key, it is technically unable to decrypt any note contents—even if attempted.

Client-Side Encryption

Server cannot read note contents. All encryption happens in your browser before upload.

Expiration Timers

Optional view limits and time-based expiry. Files self-destruct automatically.

Memory Storage

In-memory only, no disk persistence. Data vanishes after download or expiry.

Open Source

Fully auditable and transparent code. No hidden backdoors or tracking.