SBOsecureOpen source!
Free browser-based file and message encryption for everyone - no account, no installation, no data leaves your device
What is SBOsecure?
SBOsecure is a free, open source web application that lets you encrypt and decrypt files and messages directly inside your browser using public-key cryptography. Everything runs locally using your browser's built-in Web Crypto API - your data never leaves your device and no server receives it.
Whether you need to send private photos over email, share confidential documents, or simply keep personal files encrypted at rest, SBOsecure provides proper end-to-end encryption without requiring any technical expertise, paid subscription, or third-party service.
Key features
- Public-key encryption and decryption for files and messages
- Digital signatures - sign your files so recipients can verify authenticity
- Password-based encryption (PBKDF2) - no keys required for simple use cases
- Runs entirely in the browser - no server, no account, no installation
- Works with any file type and any file size your browser can handle
- No cookies, no tracking, no analytics
- Free and open source under the GNU General Public License v3
How it works
SBOsecure uses a public-private key pair. Your public key can be shared freely - anyone with it can send you encrypted files. Your private key (stored inside a keyset file that only you hold) is required to decrypt anything sent to you.
When someone encrypts a file for you, the content is encrypted with AES-256-GCM and the encryption key itself is wrapped using your RSA-OAEP public key. Only your private key can unwrap the encryption key and recover the original content. If the sender also has keys loaded, the package is automatically signed so you can verify it came from them.
The keyset file stores your private key encrypted with your password using PBKDF2-SHA-256. SBOsecure never sees your password or your private key in plaintext.
Getting started
Step 1 - Create your keys
Open the My Keys tab, click Create new key,
choose a name and password, then download your keyset file and public key.
Share your public.jwks.json file with anyone who needs to send you
encrypted content. Do this once.
Step 2 - Encrypt
Add the recipient in the Contacts tab by loading their public key.
Then go to Encrypt, type a message or select a file, check the
recipient, and click Encrypt. Download the resulting
.sbo.json file and send it by email or any other means.
Step 3 - Decrypt
Load your keyset file in My Keys, then go to
Decrypt and paste or load the .sbo.json file.
Click Decrypt. If the package was signed, SBOsecure shows
whether the signature is valid.
Password-based encryption
No key pair needed. The Password Enc. tab lets you encrypt and decrypt text using just a password. This uses PBKDF2-SHA-256 to derive an AES-256-GCM key from your password and an iterations count. Both the password and the exact iterations number are required to decrypt, so remember both.
Cryptographic algorithms
SBOsecure relies exclusively on standard algorithms implemented by your browser's Web Crypto API:
| Purpose | Algorithm |
|---|---|
| Content encryption | AES-256-GCM |
| Key wrapping | RSA-OAEP-2048 |
| Digital signatures | RSASSA-PKCS1-v1_5 |
| Password-derived keys | PBKDF2-SHA-256 |
No custom or experimental cryptography is used. All primitives are provided by the browser itself, meaning SBOsecure benefits from the security auditing and updates of your browser vendor.