How FileSender encrypts files
The FileSender application has two main parts:
- The script that runs in your browser. This is responsible for setting off file uploads and downloads, encryption, and password generation.
- The server application. This stores your files and sends invitations to people you want to share them with.
This allows FileSender to separate out any encryption-related activities from file storage. This has a few benefits:
- The server doesn’t see exactly what the browser-based script does to encrypt your files. Hacking attacks on the server are pointless; if someone gained access to the FileSender server, they might be able to access your encrypted files – but they’d have no data available on how to decrypt them, because the FileSender server doesn’t know how.
- If the files are intercepted in transit – for example, if your Wi-Fi network is compromised – then they’re already encrypted while they’re moving. This means that any interceptors can’t decrypt your files.
- Separating the file encryption and decryption functions from storage helps to keep your files safer.
Encryption used
FileSender supports full end-to-end encryption using AES-GCM with PBKDF2 to protect the integrity of encrypted files. This ensures the information you encrypt is exactly the same when it is decrypted. Once data is encrypted in your browser, it cannot be intercepted and modified without FileSender detecting the change when it decrypts the files and halting the process.
Note: If you’ve enabled encryption when sending files, you must record the password that you used. FileSender uses this to encrypt the files, and without it, the recipient won’t be able to read the files. If you lose this password, your only option is to resend the files; AARNet Support cannot help you to decrypt the files.
How it works
You can send one or more encrypted files in FileSender.
Upload:
- Add files to FileSender in your browser window.
- Specify an encryption password.
- FileSender encrypts the files before it reaches the server.
- Your browser uploads the encrypted files to the FileSender server.
Password communication:
- Manually send the encryption password to the person who needs to download the files.
Download:
- Visit the unique file link provided by FileSender or the person who uploaded the files.
- Enter the encryption password.
- Your browser downloads the encrypted files.
- FileSender decrypts the files in your browser and checks them.
- Your browser saves the decrypted files to your device.
Create a password
FileSender can generate a password for you. Remember to copy the password to a safe location.
Alternatively, use a dedicated password manager with a password generation feature. Many password managers will allow you to:
- Automatically save your password on a secure server.
- Share specific passwords with other people, without ever sending the password in clear text.
Performance impacts
Encryption can affect your processing, upload, and download speeds.
FileSender encrypts and decrypts files in your web browser, so batches of files larger than 4 GB may not transfer. If you need to send more than 4 GB of encrypted files, we recommend sending them in multiple batches.
Encrypt your FileSender files
- Add your files and fill out the recipient details. Find out more about how to send a file with FileSender.
-
Under Transfer settings, toggle File Encryption.
-
Enter a unique password that you can send to the recipient after you upload and send your files. We advise that you do this via a separate communication channel, preferably one that is secure or encrypted, such as Slack or Signal.
If you send the password to the same email address as the FileSender invitation, you negate most of the security you gain by encrypting the files – anyone with access to the recipient’s email can also decrypt the files you send.
Click Generate password to have FileSender automatically generate a password for you. - Finish your configuration and click Send.