zkChat

Private File Drop

One-time encrypted file sharing. Upload any file up to 10 MB—it self-destructs after one download or 24 hours.

Drop a file or click to select

Maximum file size: 10 MB

AES-256-GCMDownload onceAuto-expire (24h)

How Private File Drop Works

Client-side encryption with one-time download enforcement

File Lifecycle

1
Browsergenerates key + encrypts file
plaintext → ciphertext blob
2
Upload(raw binary only)
→ Server
3
Serverstores blob + returns ID
ID: xyz789
4
Share link:/f/xyz789#key:iv:mime:name
5
Recipientrequests encrypted blob
from Server
6
Serverdeletes blob immediately
🔥 destroyed
7
Browserdecrypts using #key
plaintext restored

Client-Side Encryption

Your file is encrypted with AES-256-GCM in your browser before upload. The server receives only encrypted bytes—mathematically impossible to read without the key.

Key in URL Fragment

The decryption key lives in the URL fragment (#key=...). Browsers never send fragments to servers, making it impossible for us to decrypt your file.

One-Time Download

Files can be downloaded exactly once. After the first download, the encrypted blob is permanently deleted from our servers and the link becomes invalid forever.

24-Hour Expiration

Uploaded files automatically expire after 24 hours if not downloaded. This ensures temporary sharing without long-term storage or lingering traces.

Private File Drop FAQ

Self-destructing encrypted file sharing — common questions about security and usage

Share sensitive documents securely (contracts, tax forms, ID scans), send client credentials or API keys, deliver medical records or legal files, exchange cryptocurrency wallet backups, share screenshots with sensitive information, send one-time passwords or QR codes, deliver confidential reports, or share private photos that shouldn't persist.