SendCrypted | How It Works

Welcome to SendCrypted. The aim of this software is to provide a simple yet secure we to share sensitive information. The client side code is intentionally simple to allow for easy auditing. All encryption happens in the browser and the plain text data and encryption key are never sent to the server.

  1. A random string is generated in the browser to be used as the encryption key.
  2. If an additional password is provided, it is concatenated with the key.
  3. The secret data is encrypted in the browser using AES256 and the key/key and password.
  4. The encrypted data is sent to the server to be stored in the database and a unique identifier is returned.
  5. A link is generated in the browser that refers to the stored secret.
  6. The key is added to the link as the fragment portion of the URL. (The fragment is not sent to the server by the browser)
  7. When the link is used, the server deletes and returns the encrypted data.
  8. The key is recovered from the URL fragment.
  9. The key is used to decrypt and display the data in the browser.