About Hat.sh

Hat.sh is a Javascript app that provides secure file encryption using the AES-256-GCM algorithm from the WebCryptoAPI included in your browser.

It's fast, secure and runs locally - the app never uploads any files to the server.

To encrypt a file, click Browse, select a file, type in a password or generate one using the built-in password generator, and then press Encrypt. Within a few seconds, the encrypted file will be ready to download.

How does it work?


An encryption key is derived from the given password using the PBKDF2-SHA512 algorithm.


Key Derivation

PBKDF2 uses a random 128-bit salt and 80,000 iterations to generate a unique 256-bit encryption key.



The file is read into memory and encrypted using AES-GCM with the generated key and a 128-bit random nonce.



Does Hat.sh log or store any of my data?

NO, Hat.sh never stores any of your data. The program runs locally in your browser.

Is Hat.sh free?

YES, Hat.sh is free and always will be. However, please consider donating to support the project.

How do I use Hat.sh?

It's very simple, browse for a file, generate a password or type one, click the Encrypt or Decrypt button.

Which file types are supported? Is there a file size limit?

Hat.sh accepts all file types. There's no file size limit, meaning files of any size can be encrypted, depending on how much size your RAM can hold. (usually around 2.5GB).

Is Hat.sh secure?

Yes, the app encrypts files using the AES-GCM algorithm provided by the WebCryptoAPI. Everything is done offline in your browser - no data is sent to any server.

I forgot my password, can I still decrypt my files?

NO, we don't know your password. Make sure you remember your password before encrypting any files.

How can I contribute?

Hat.sh is an open-source application. You can help make it better by making commits on GitHub. The project is maintained in my free time. Donations of any size are appreciated.