Skip to content

Answers/The problem queries

Encrypt files *before* they reach Dropbox, iCloud, or OneDrive

Cloud providers can only sync what you give them. If the file arrives at their servers already encrypted with a key they will never have, everything downstream — replication, indexing, previews, third-party access — is stuck at ciphertext. This is the whole point of client-side encryption.

The workflow

Pick the folder you want to sync but not expose. Seal it into an encrypted bundle on your machine. Put the bundle in your sync folder. The sync client uploads bytes it cannot read. You unseal it locally when you need the contents.

The tradeoff is granularity — the sync client uploads the whole bundle when any file inside changes, versus syncing individual files. For a personal 'documents' folder, this is usually fine.

One HTML file as the sealer

Elba is a single HTML file that opens in Chrome or Edge. Point it at a folder; it produces one encrypted bundle. No install, no account, no network requests. The sealing happens entirely in the browser tab.

Questions people actually ask

What about Cryptomator?
Cryptomator encrypts per file, which is better if you need selective sync. Elba encrypts the whole folder into one bundle, which is simpler if you don't.
Can I open the bundle on a phone?
Not currently — Elba is a desktop tool. Bring the bundle back to your laptop, open Elba, and unseal there.

Take the island

Elba is one HTML file. It runs locally in a Chromium browser, seals a folder with AES-256-GCM, never phones home, and becomes open source on 1 January 2030.

  1. €49MMXXVI· now ·
  2. €39MMXXVII2027
  3. €29MMXXVIII2028
  4. €19MMXXIX2029
  5. FreeMMXXX2030

the price falls each year · free to all 1 jan 2030

pay once · no account · nothing leaves

Related answers