Øxfile
🔒 ZERO-KNOWLEDGE ENCRYPTION

Client-side encryption. Zero logs. Total privacy.

Start Encrypting
encryption-suite.ts
1  import { encrypt } from './crypto'
2
3  interface FileConfig {
4    encryption: 'AES-256',
5    access: 'ONE_TIME_ONLY',
6    logging: 'DISABLED',
7    expiry: number
8  }
9
10 export async function shareFile(file: File) {
11   const encrypted = await encrypt(file)
12   const link = generateLink(encrypted)
13
14   // Auto-destruct after first download
15   return { link, status: 'READY' }
16 }
ENCRYPTEDTS
AES-256

[ FEATURES ]

Privacy-first architecture

CLIENT-SIDE ENCRYPTION

Files encrypted in browser. Keys never touch servers.

ONE-TIME ACCESS

Links self-destruct after download. No second chances.

ZERO LOGS

No metadata, no records. Privacy by default.

AUTO-DESTRUCT

Configurable expiry. Files vanish without trace.

OPEN SOURCE

Fully auditable. No backdoors. Trust through transparency.

WEB3 READY

Decentralized architecture. Your files, your control.

[ ENCRYPTION FLOW ]

End-to-end process

ORIGINAL

secret_document.pdf

Plain text, readable

ENCRYPTED

8a9f7e3d2c1b5a4f...

AES-256-GCM

1

GEN KEY

256-bit

2

ENCRYPT

AES-GCM

3

UPLOAD

Encrypted

4

SHARE

Link+Key

How It Works

Understanding our zero-knowledge architecture

End-to-End Encryption

Click to see the detailed flow →

Every note is assigned a randomly generated 256-bit ID and a 256-bit encryption key. The ID is used solely for storing and retrieving the note, while the content is encrypted on the client side using AES-GCM with the generated key.

Only the encrypted data is sent to the server, which stores it entirely in memory without writing anything to disk. Because the server never receives the encryption key, it is technically unable to decrypt any note contents—even if attempted.

Client-Side Encryption

Server cannot read note contents

Expiration Timers

Optional view limits and time-based expiry

Memory Storage

In-memory only, no disk persistence

Open Source

Fully auditable and transparent code