File Encryptor & Decryptor

Introduction:

Password-based file encryption turns ordinary bytes into ciphertext that should stay unreadable without the same password and the same recovery details. People reach for it when a workbook, archive, export, media file, or backup needs to move through storage or sharing channels that are not meant to expose the contents.

The password is only part of the story. Reliable recovery also depends on the key-derivation settings, the salt, the IV or nonce, and any extra authenticated context staying aligned. Lose one of those pieces and a valid encrypted file can become impossible to open later, even when the password itself is correct.

Modern file protection is not just about secrecy. A damaged or modified payload should also be detected instead of decrypting into plausible garbage. That is why authenticated encryption is usually the best starting point for new work, while older compatibility formats should be chosen only when another system truly requires them.

The practical decision is therefore simple to state and easy to get wrong: pick settings that are strong enough to resist offline guessing, then store enough metadata that the file can still be recovered later without guesswork.

Technical Details:

Password-based file encryption has several moving parts before the first byte is transformed. A key-derivation function (KDF) stretches the password into key material, a salt makes that derivation different for each run, and an IV or nonce keeps repeated encryptions from producing the same ciphertext under the same password. After that, the ciphertext has to carry or be paired with enough recovery details for decryption to be reproduced later.

AES-GCM is the authenticated path offered here. It is an AEAD mode, so it combines confidentiality and integrity in one operation, uses a 128-bit authentication tag, and works with a 12-byte nonce, which matches the 96-bit IV length NIST recommends for Galois/Counter Mode. Additional authenticated data (AAD) can be attached when a file should decrypt only in the same external context, such as a case number or project string.

The compatibility paths are broader. AES-CBC, AES-CTR, AES-CFB, and AES-OFB are available in 128-bit, 192-bit, and 256-bit variants. DES-CBC, TripleDES-CBC, RC4, and Rabbit are also present for older environments, but they should be treated as migration or interoperability choices rather than the starting point for new protection. For integrity outside AES-GCM, the page can add a separate SHA-256 HMAC sidecar.

Key derivation can follow Argon2id or PBKDF2-HMAC-SHA256. The built-in balanced Argon2id profile uses 19 MB and 2 passes, which aligns with the widely cited OWASP minimum. The hardened profile moves to 64 MB and 3 passes, which matches the memory-constrained recommendation from RFC 9106. PBKDF2 remains useful for compatibility; the preset here uses 600,000 iterations with SHA-256.

Decryption is easiest when the encrypted file already carries its own description. The current logic tries a JSON envelope first, then an OpenSSL-style Salted__ payload, then raw text, and finally raw binary. That order reflects how much metadata each format exposes on its own. Self-describing formats are more forgiving. Raw formats are smaller, but they fail fast when a salt, AAD value, encoding choice, or padding rule has been lost.

Everyday Use & Decision Guide:

For a new encrypted file, the strongest built-in path is Encrypt file, AES-GCM, Envelope, a strong password, and one of the Argon2id presets. Leave the IV or nonce and salt blank unless you are deliberately recreating an older workflow. The page will generate fresh random values, keep the recovery details with the ciphertext, and produce an output that is easier to hand off without side notes.

The two Argon2id presets serve different everyday needs. Balanced is a sensible minimum for normal sharing and storage. Hardened raises the cost further for cases where the extra processing time is acceptable. PBKDF2 should usually be chosen only when another system already expects it, or when you are matching an established compatibility policy.

Raw and raw binary outputs belong in tightly controlled pipelines where the salt, algorithm, KDF, encoding, padding, and any AAD are already being tracked elsewhere. If you cannot guarantee that bookkeeping, do not choose raw. The OpenSSL Salted__ options are similarly narrow: they are for AES-CBC interoperability, not for starting a new long-term archive strategy.

AAD is worth filling in when the same file should only decrypt in a known context, such as a ticket ID, project label, or incident code. That value is not encrypted, but it is authenticated under AES-GCM, so it must match exactly when the file is opened later. The HMAC switch matters most in non-GCM workflows, because GCM already includes an authentication tag.

• Evidence Ledger lists the fields that matter for audit and recovery, and it can be copied or exported as CSV or DOCX.
• Payload Footprint Map turns the size impact of ciphertext, salt, nonce, AAD, auth tag, and final download bytes into a chart with image and CSV export.
• Recovery Runbook gives a short settings-based checklist, which is especially useful when a chosen mode is weaker or more fragile.
• JSON stores the current inputs and the generated metadata in a form that can be dropped into ticket notes or reproducibility records.

Step-by-Step Guide:

1. Load the file, then choose whether you are encrypting a new payload or decrypting one you already received.
2. For new work, stay with AES-GCM and Envelope unless another system gives you a concrete reason to match a different format.
3. Enter the password and choose a KDF profile. Use Argon2id for new protection. Use PBKDF2 only when compatibility requires it.
4. Leave the IV or nonce and salt blank unless you are reproducing an existing setup. Add AAD only when the file should be tied to a known context string. Turn on HMAC for non-GCM modes when you need a separate integrity signal.
5. Run the operation and download the output. If you picked a raw format, immediately record the salt, algorithm, KDF settings, encoding, padding, and any AAD next to the file.
6. Review the summary badges, the Evidence Ledger, and the Recovery Runbook before sharing or storing the result. If the workflow needs documentation, export the ledger and JSON while the settings are still visible.

Interpreting Results:

The summary badges are the fastest check after each run. Posture: Hardened usually means AES-GCM, envelope packaging, and stronger KDF settings. Posture: Balanced means the current choices are workable but not ideal. Posture: Compatibility Risk appears when older ciphers, weak password signals, lower-cost derivation, or metadata-light packaging push the result toward a harder-to-trust path.

The Evidence Ledger is the authoritative record on the page. It reports the mode, format, algorithm label, KDF label and parameters, IV or nonce, salt, AAD length, auth-tag length where applicable, plaintext and ciphertext byte counts, download size, timestamps, and source type during decrypt operations. If you are debugging a failure, this table is more important than the output preview.

The Payload Footprint Map answers a different question: why did the finished file grow or shrink? It splits the result into plaintext, ciphertext, download bytes, nonce, salt, AAD, and auth-tag segments when those values exist. That is useful when comparing envelope against raw output, or when explaining why authenticated formats carry more bytes than the source file alone.

The Recovery Runbook is a plain-language checklist derived from the current settings. The JSON tab keeps the same run in a structured form. Both are worth saving when a protected file is headed into a handoff, ticket, or long-term retention process.

Worked Examples:

Sending a finance workbook to a colleague with the safest built-in path

Choose Encrypt file, keep the mode on AES-GCM (256-bit), use Envelope, pick the balanced or hardened Argon2id preset, and leave salt and nonce generation to the page. The result is a .stenc file that already contains the metadata needed for recovery, plus an Evidence Ledger you can export for your records.

Matching an AES-CBC compatibility workflow

If another environment expects an OpenSSL-style wrapper, choose an AES-CBC variant and one of the OpenSSL Salted__ outputs. In this path, the important follow-up is not just the password. The other side also needs the same PBKDF2 iteration assumption and the same padding choice. If you do not control both ends of that workflow, envelope output is safer.

Recovering a raw payload that arrived with separate notes

Suppose you receive Base64 ciphertext where the sender documented the salt, algorithm, and password in a ticket. To decrypt it, load the payload, select the matching algorithm and encoding, enter the salt in hex, and set any padding or AAD details exactly as recorded. Raw formats are workable only when that side metadata is complete and accurate.

Troubleshooting a decrypt failure

If you see a message about the wrong password, salt, IV, AAD, algorithm, or corrupted data, start with the format. Envelope files carry most of the recipe automatically, so the password is the first thing to verify. Raw outputs are different: compare the salt, padding, encoding, and AAD value before trying another password. For AES-GCM, even a single-byte change in AAD or ciphertext will stop decryption.

FAQ:

Glossary:

AEAD

Authenticated encryption with associated data. It protects secrecy and integrity together.

AAD

Additional authenticated data. It is checked for integrity but is not encrypted.

Argon2id

A modern password-based key-derivation function designed to make large-scale guessing attacks more expensive.

PBKDF2

An older password-based key-derivation method that remains common in compatibility-driven workflows.

Salt

Random input added to the password before key derivation so the same password does not always produce the same key material.

IV or nonce

A per-encryption value that keeps repeated runs from producing identical ciphertext under the same key.

HMAC sidecar

A separate SHA-256 integrity value attached to non-GCM workflows.

Salted__

A common OpenSSL header that prefixes a salted AES-CBC payload for compatibility-oriented exchange.