UtilityTools

File Encryption Tool

Lock any file with AES-256-GCM. We generate a random key, encrypt the file, and give you both — the encrypted file can only be opened by the matching key. Everything runs in your browser.

⚠ Read before you encrypt:
The encrypted file embeds the original filename and a unique 96-bit IV. When you decrypt later, the original name and extension are restored automatically.

How it works

  1. The browser's built-in crypto.subtle generates a fresh, cryptographically random 256-bit AES key.
  2. A unique 96-bit IV (initialization vector) is generated for this file alone — never reused.
  3. Your file is encrypted with AES-GCM, which also produces an authentication tag that detects any tampering.
  4. The output blob layout: [2-byte name length] [original filename] [12-byte IV] [ciphertext + GCM tag].
  5. The key is exported as raw bytes and shown to you in Base64 for easy copy-paste or saving as a small text file.
  6. To decrypt, the same key + the same .enc file → original file restored, with its original name.

FAQ

How strong is the encryption?

AES-256 in GCM mode — the same algorithm used by HTTPS, modern VPNs and full-disk encryption. With a properly random 256-bit key, brute-force attacks are computationally infeasible.

Is the file uploaded anywhere?

No. Encryption and decryption happen entirely in your browser using the W3C Web Crypto API. The file and key never leave your device.

What happens if I lose the key?

The file is permanently unrecoverable. AES-256 has no backdoor. Always save the .key file the moment it's generated — preferably in two places.

Can two encrypted files share a key?

If you re-encrypt the same source file you'll get a different key and a fresh IV every time. There is no key reuse — each encryption is independent.

What's the size limit?

Files are processed in memory, so the practical limit depends on your browser. Most handle a few hundred megabytes; for very large files, use a desktop tool.

Will the file extension be preserved?

Yes. The original filename (including extension) is stored inside the encrypted blob and restored automatically when you decrypt.

🔒 100% client-side encryption. The file, the key and everything in-between never leave your browser.

File Encryption guide

The File Encryption tool encrypts a local file with AES-256 in your browser and gives you an encrypted file plus the key needed to decrypt it. It is designed for everyday protection before storing a file in cloud storage, sending it to someone, or keeping a private archive on removable media.

Because the file is processed locally, you do not need to upload sensitive documents to a conversion service. The most important rule is simple: keep the key safe. If the key is lost, UtilityTools.eu cannot recover the encrypted file.

When to use it

How to use it

  1. Choose the file you want to protect.
  2. Generate or enter the encryption key according to the tool controls.
  3. Run encryption and download the encrypted output file.
  4. Store the key separately from the encrypted file.
  5. Test decryption with a non-critical copy before relying on the encrypted archive.

Example

Input

A PDF named invoice-records.pdf.

Output

An encrypted file that cannot be opened without the generated key.

Send the encrypted file and the key through different channels whenever possible.

Privacy

The selected file is read by your browser and encrypted locally. It is not uploaded to UtilityTools.eu. The server only provides the web page and supporting JavaScript.

Limitations and accuracy notes

FAQ

Can I decrypt the file later?

Yes, if you keep the encrypted file and the exact key. Without the key, the file is not recoverable.

Is this the same as a password-protected ZIP?

No. This tool encrypts the file content directly using browser cryptography rather than creating a ZIP container.

Should I email the key with the file?

Avoid that. Use a separate channel such as a phone call, password manager share, or another secure message.

Related tools

Password GeneratorGenerate strong random passwords. Hash GeneratorCompute SHA-1, SHA-256, SHA-384, SHA-512. P2P File Transfer (no upload)Send any file directly browser-to-browser via WebRTC. The file never touches our server — DTLS-encrypted, no size cap, no account. PDF SignerDraw or type a signature, place it on any PDF page, download the signed file. EXIF Viewer / RemoverShow EXIF metadata, then strip it by re-encoding via canvas. JWT DecoderDecode the header and payload of any JSON Web Token.