Security & Privacy
CryptDrop is designed so that your sensitive data never has to leave your device. Here's exactly what stays local and what reaches the network.
What stays on your device
These operations happen entirely in your browser. No data is sent to CryptDrop or any other server. Even if someone intercepted your network traffic, they would see none of this.
Key generation
Your private and public keys are generated using Curve25519 via OpenPGP.js, entirely in your browser. The private key is protected with your passphrase before it ever touches storage.
File encryption & decryption
Files are encrypted and decrypted using AES-256 inside your browser tab. Plaintext file data is never written to disk, sent over the network, or stored anywhere outside of temporary browser memory.
Digital signatures
When you sign a file, your private key creates the signature locally. When you verify a signature, the check happens locally too. No server is involved.
Private key storage
If you choose "Remember this key", the passphrase-encrypted private key is saved to your browser's IndexedDB. It never leaves your device. Without your passphrase, the stored key is unreadable.
Contact address book
Saved contacts (names, emails, public keys) are stored in your browser's localStorage. This data stays on your device and is never synced or uploaded.
Activity history
The history of your encrypt/decrypt operations is stored in localStorage. It includes filenames, sizes, and recipient emails — but never file contents. You can clear it at any time, or enable auto-clear on tab close.
What reaches the cloud
CryptDrop makes network requests to two destinations: the keys.openpgp.org public keyserver, and the CryptDrop backend API (for key registry, invitations, and email notifications). Files and private keys never leave your browser.
Public key lookup
When you look up a recipient by email, CryptDrop first checks its own registry (GET /api/lookup/:email). If not found there, it falls back to the keys.openpgp.org public keyserver. Only the email address is sent — no files, no private keys, no other data.
Public key publishing
If you choose to publish your public key, the armored public key text is uploaded to keys.openpgp.org so others can find you. Your private key is never included. The keyserver sends a verification email to confirm ownership.
Email verification
After publishing to the keyserver, CryptDrop sends a verification request so it can email you a confirmation link. Only the token and email address are sent.
Key registration
When you generate a new key pair, your name, email address, public key, and key fingerprint are registered with the CryptDrop backend. This lets others find your key by email via the registry. Your private key and passphrase are never sent.
Invitation emails
When you invite someone to use CryptDrop, their email address and your name are sent to the CryptDrop backend, which sends them an invitation email via Resend. No files or keys are involved.
Decrypt instructions email
Optionally, after encrypting a file you can send the recipient an email with instructions for decrypting it. Only their email address, your name, and the filename are sent — never the file itself.
What is never transmitted
The following data never leaves your browser under any circumstances. There is no mechanism in CryptDrop to send this data, and the Content Security Policy restricts outbound connections to only keys.openpgp.org and the CryptDrop backend.
How CryptDrop hardens your security
Beyond the encryption itself, multiple layers of protection are built into the app to minimize attack surface and protect your data.
Content Security Policy
A strict CSP header blocks all outbound connections except to keys.openpgp.org. Inline scripts are locked to specific SHA-256 hashes. This prevents cross-site scripting (XSS) attacks from exfiltrating your data.
Modern cryptography
Keys use Curve25519 (Ed25519 for signing, X25519 for encryption) via OpenPGP.js 6.x. Symmetric encryption uses AES-256. These are the same algorithms recommended by NIST and used by Signal.
Passphrase protection
Private keys are encrypted with your passphrase before storage. Passphrases must be at least 12 characters and meet a minimum strength score. They are never stored — only held in memory during key operations, then cleared.
Decrypted file auto-clear
After decryption, plaintext file data is held in memory only long enough for you to download it. A 5-minute timer automatically clears the decrypted content from browser memory.
Filename sanitization
Filenames embedded in encrypted files are sanitized on decryption to prevent path traversal attacks. Control characters, directory separators, and excessive lengths are stripped.
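A sanitizer of the kind described above, as an added example that is not CryptDrop's own code. It goes slightly beyond the three cases named in the text by also removing bidirectional override characters and neutralizing Windows reserved device names. The function name, MAX_LEN and the fallback name are assumptions.

```javascript
// Added example, not CryptDrop's code. MAX_LEN and FALLBACK are assumed values.
const MAX_LEN = 255;
const FALLBACK = "decrypted-file";
// Device names that Windows treats specially, with or without an extension.
const RESERVED = /^(con|prn|aux|nul|com[1-9]|lpt[1-9])(\..*)?$/i;

function sanitizeFilename(raw) {
  let name = String(raw ?? "").normalize("NFC");
  // Remove C0/C1 control characters and bidirectional override/isolate marks,
  // which can visually disguise the real extension of a file.
  name = name.replace(/[\u0000-\u001f\u007f-\u009f\u202a-\u202e\u2066-\u2069]/g, "");
  // Keep only the final path component, for both "/" and "\" separators.
  name = name.split(/[\\/]/).pop();
  // Drop leading dots/spaces ("..", hidden files) and trailing dots/spaces.
  name = name.replace(/^[.\s]+/, "").replace(/[.\s]+$/, "");
  // Replace characters that are invalid in Windows filenames.
  name = name.replace(/[<>:"|?*]/g, "_");
  if (RESERVED.test(name)) name = "_" + name;
  if (name.length > MAX_LEN) {
    // Truncate the stem but keep a short extension so the file type survives.
    const dot = name.lastIndexOf(".");
    const ext = dot > 0 && name.length - dot <= 16 ? name.slice(dot) : "";
    name = name.slice(0, MAX_LEN - ext.length) + ext;
  }
  // An input made only of separators, dots or control characters ends up empty.
  return name || FALLBACK;
}
```

The result is only ever used as a suggested download name, so an empty or fully stripped input falls back to a fixed name instead of raising an error.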
Keyserver response validation
When looking up a public key by email, CryptDrop verifies that the returned key actually contains a matching email in its user ID. This prevents the keyserver from returning a wrong or malicious key.
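One way to implement the user ID check described above, as an added example that is not CryptDrop's own code. It assumes the caller already has the key's user ID strings (for instance from OpenPGP.js `key.getUserIDs()`); the function names are hypothetical, and lowercasing the whole address before comparing is a policy choice made for this example.

```javascript
// Added example, not CryptDrop's code. Input: user ID strings from a fetched key.

// Extract the address from a user ID such as "Alice (work) <alice@example.com>".
// Only the final <...> group counts, so an address placed in the display-name
// part ("alice@example.com <mallory@evil.test>") cannot satisfy the check.
function emailFromUserID(userID) {
  const s = String(userID).trim();
  const m = s.match(/<([^<>]*)>\s*$/);
  const addr = (m ? m[1] : s).trim();
  // Require exactly one "@", no whitespace, non-empty local part and domain.
  return /^[^\s@<>]+@[^\s@<>]+$/.test(addr) ? addr : null;
}

// Assumption for this example: compare addresses case-insensitively.
function normalizeEmail(email) {
  return email ? email.trim().toLowerCase() : null;
}

// True only if some user ID carries exactly the requested address.
// A substring test would wrongly accept "malice@example.com" or
// "alice@example.com.evil.test" for a lookup of "alice@example.com".
function keyMatchesEmail(userIDs, requestedEmail) {
  const want = normalizeEmail(emailFromUserID(requestedEmail));
  if (!want) return false;
  return userIDs.some((uid) => normalizeEmail(emailFromUserID(uid)) === want);
}

// Constructed sample data: user IDs as they might come back from a lookup.
const SAMPLE_GOOD = ["Alice Example <alice@example.com>", "Alice <alice@work.test>"];
const SAMPLE_LOOKALIKE = ["alice@example.com <mallory@evil.test>"];

function demo() {
  return {
    good: keyMatchesEmail(SAMPLE_GOOD, "alice@example.com"),
    lookalike: keyMatchesEmail(SAMPLE_LOOKALIKE, "alice@example.com"),
  };
}
```

The comparison is only meaningful for user IDs whose self-certification by the key has been verified, since an unverified user ID string can be attached to a key by anyone.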
Security headers
HSTS with 2-year preload, X-Frame-Options: DENY, Cross-Origin-Opener-Policy, and Referrer-Policy: no-referrer. These prevent clickjacking, cross-origin attacks, and referrer leakage.
No tracking or analytics
CryptDrop has no analytics scripts, no tracking pixels, no cookies, and no third-party resources. The site loads only its own assets and connects only to keys.openpgp.org when you explicitly request it.
Don't take our word for it
CryptDrop is built on OpenPGP.js, a widely audited open-source encryption library. The source code is publicly available for review — you can read every line, inspect the network requests in your browser's DevTools, and verify every claim on this page yourself.