Guides/AES-256-GCM
AES-256-GCM, explained without a maths degree
AES-256-GCM is the encryption primitive Elba uses. It is the same algorithm banks, messaging apps, and TLS use for the actual scrambling. Here it is in plain terms.
What each part means
AES is the algorithm — Advanced Encryption Standard, adopted by the US government in 2001 and unbroken since. 256 is the key length in bits — a very large number, chosen for a very large margin of safety. GCM is the mode — the wrapper that also detects tampering, not just scrambles.
Why GCM specifically
GCM (Galois/Counter Mode) gives you both confidentiality (nobody can read it) and authenticity (nobody can change it without you noticing). Older modes gave you only the first.
What AES-256-GCM does not do
It does not hide that a file exists. It does not protect against a keystroke logger reading your password. It does not save you if you forget the password. Elba's manual covers the honest edges.
Questions people actually ask
- Is AES-256-GCM enough for personal files?
- Yes, comfortably. It is the standard modern cloud providers use themselves.
- How is the key derived from a password?
- PBKDF2 with a per-folder salt, using many iterations to slow brute-force attempts.
Take the island
Elba is one HTML file. It runs locally in a Chromium browser, seals a folder with AES-256-GCM, never phones home, and becomes open source on 1 January 2030.
- €49MMXXVI· now ·
- €39MMXXVII2027
- €29MMXXVIII2028
- €19MMXXIX2029
- FreeMMXXX2030
the price falls each year · free to all 1 jan 2030
pay once · no account · nothing leavesRelated guides
- How client-side encryption works, in one page
Client-side encryption means the key never leaves your device. Here's how it works, why it matters, and how Elba applies it.
- Zero-knowledge encryption, explained without jargon
Zero-knowledge means the service can't read your files even if it wanted to. Here's the idea, and how Elba goes one further.
- What happens if you forget your encryption password?
The honest answer, with Elba: nothing gets in. There is no reset link. Here's how to make sure you never need one.