CipherShare — Secure File Sharing

AES-256 · File Encryption RSA-2048 · Key Exchange SHA-256 · Integrity Check HMAC · Digital Signature

⚙️ EmailJS Configuration

Required to send encrypted keys via email. Free account at emailjs.com → Dashboard → copy your keys below.

Public Key

Service ID

Template ID

Not configured 📖 Setup Guide →

EMAILJS TEMPLATE VARIABLES (use these in your template):

{{to_email}} — recipient email | {{to_name}} — recipient name
{{from_name}} — sender name | {{file_name}} — encrypted filename
{{aes_key}} — AES session key | {{file_hash}} — SHA-256 hash
{{expiry_time}} — link expiry | {{message}} — optional message

01 · Select File to Encrypt

📁

Drop file here or click to browse

Any file type supported · Max 10MB

Decrypt Received File

🔒

Drop encrypted file here

Accepts .enc files

Secure File Vault

No encrypted files yet.
Encrypt a file from the Send tab to see it here.

Security Activity Log

[SYSTEM] CipherShare v1.0 initialized. All operations client-side only.

[INFO] AES-256, SHA-256, HMAC-SHA256 modules ready.

Cryptographic Architecture

AES-256-CBC

Advanced Encryption Standard with a 256-bit key in CBC mode. Used to encrypt the actual file content. A unique random session key is generated for every file upload, ensuring perfect forward secrecy between transfers.

RSA-2048 (Key Wrapping)

Asymmetric encryption used to wrap the AES session key. Only the recipient's private key can unwrap it. This solves the key distribution problem — the file can be shared publicly but only the intended recipient can decrypt it.

SHA-256

Secure Hash Algorithm produces a 256-bit fingerprint of the file before encryption. Upon decryption, the hash is recomputed and compared — any tampering, even a single bit flip, is immediately detected.

HMAC-SHA256

Digital Signature using Hash-based Message Authentication Code. Proves authenticity and non-repudiation — the receiver can verify the package was created by the sender and was not modified in transit.

Data Flow Diagram

SENDER SIDE:

FILE → [SHA-256 Hash] → hash
FILE → [AES-256 Encrypt] (random key K) → ciphertext
K → [RSA Encrypt with recipient pubkey] → wrapped_key
{ciphertext + hash + metadata} → [HMAC-SHA256] → signature

PACKAGE = { ciphertext, wrapped_key, hash, signature, metadata }

RECEIVER SIDE:

PACKAGE → [HMAC Verify] → ✓ authentic
wrapped_key → [RSA Decrypt with private key] → K
ciphertext → [AES Decrypt with K] → plaintext
plaintext → [SHA-256 Hash] → compare with stored hash → ✓ intact

Security Properties

Confidentiality

AES-256 encryption ensures only the key holder can read the file.

Integrity

SHA-256 hash detects any modification to file contents.

Authentication

HMAC signature verifies the package came from the claimed sender.

Non-repudiation

Digital signature prevents sender from denying transmission.

Forward Secrecy

Unique AES key per file — compromise of one doesn't affect others.

Expiry Control

Time-limited links reduce exposure window for shared files.