Guides/Client-side

How client-side encryption works, in one page

Client-side encryption is the property that your key exists only on your device. The server (if there is one) never sees your files unencrypted, and — crucially — never sees your key at all.

The two-line explanation

You type a password. Your device turns it into a key and uses that key to encrypt your files right there. Only encrypted output ever leaves your device — and in Elba's case, even that stays put.

Why it matters

Because ‘encrypted at rest’ is meaningless if the provider holds the key. Client-side encryption is the version where the provider genuinely cannot read your files — Elba pushes this to its limit by having no provider at all.

Questions people actually ask

Is end-to-end the same as client-side?
End-to-end usually means between two endpoints; client-side means the encryption happens on the endpoint. Signal is both; Elba is client-side without a second endpoint.

Take the island

Elba is one HTML file. It runs locally in a Chromium browser, seals a folder with AES-256-GCM, never phones home, and becomes open source on 1 January 2030.

  1. €49MMXXVI· now ·
  2. €39MMXXVII2027
  3. €29MMXXVIII2028
  4. €19MMXXIX2029
  5. FreeMMXXX2030

the price falls each year · free to all 1 jan 2030

pay once · no account · nothing leaves

Related guides