Guides/Client-side
How client-side encryption works, in one page
Client-side encryption is the property that your key exists only on your device. The server (if there is one) never sees your files unencrypted, and — crucially — never sees your key at all.
The two-line explanation
You type a password. Your device turns it into a key and uses that key to encrypt your files right there. Only encrypted output ever leaves your device — and in Elba's case, even that stays put.
Why it matters
Because ‘encrypted at rest’ is meaningless if the provider holds the key. Client-side encryption is the version where the provider genuinely cannot read your files — Elba pushes this to its limit by having no provider at all.
Questions people actually ask
- Is end-to-end the same as client-side?
- End-to-end usually means between two endpoints; client-side means the encryption happens on the endpoint. Signal is both; Elba is client-side without a second endpoint.
Take the island
Elba is one HTML file. It runs locally in a Chromium browser, seals a folder with AES-256-GCM, never phones home, and becomes open source on 1 January 2030.
- €49MMXXVI· now ·
- €39MMXXVII2027
- €29MMXXVIII2028
- €19MMXXIX2029
- FreeMMXXX2030
the price falls each year · free to all 1 jan 2030
pay once · no account · nothing leavesRelated guides
- AES-256-GCM, explained without a maths degree
AES-256-GCM in one page — what it is, why Elba uses it, and what it does and doesn't protect against.
- Zero-knowledge encryption, explained without jargon
Zero-knowledge means the service can't read your files even if it wanted to. Here's the idea, and how Elba goes one further.
- A browser-based file encryption tool that never phones home
Elba is a browser-based file encryption tool: one HTML file, AES-256-GCM, zero network calls. Encrypt and decrypt inside a Chromium tab.