DEV Community: Graysoft Dev

I built a zero-knowledge file sharing app as a college student — here's what I learned about AES-256-GCM in the browser

Graysoft Dev — Fri, 13 Mar 2026 13:50:41 +0000

About a year ago, I was in my dorm room copying a 4GB project file to a flash drive to walk across campus. It felt absurd. Every cloud service either had file size limits, showed ads, or asked me to trust them with my data. So I started building something.

That project became FileShot.io — a zero-knowledge, end-to-end encrypted file sharing platform. This post isn't a product pitch. It's about the specific technical problem I had to solve: doing AES-256-GCM encryption entirely in the browser, before a single byte of data leaves the user's machine.

What "zero-knowledge" actually means here

Zero-knowledge architecture means the server genuinely cannot read your files. Not "we promise not to look" — the server can't look, because it never has the decryption key.

The key is derived from a password on the client side, and it lives only in the URL fragment (#) — the part of the URL the browser never sends to the server. When someone visits a FileShot link, their browser downloads the encrypted blob and derives the key locally from the fragment. The server sees only ciphertext.

The Web Crypto API: what I wish someone had explained to me

When I started, I assumed I'd use a library. Turns out browsers ship a robust cryptographic API natively: window.crypto.subtle. It's available in all modern browsers, hardware-accelerated where possible, and designed for exactly this.

Here's a minimal AES-256-GCM encryption flow:

async function encryptFile(fileBuffer, password) {
  const encoder = new TextEncoder();
  const salt = crypto.getRandomValues(new Uint8Array(16));

  const keyMaterial = await crypto.subtle.importKey(
    'raw',
    encoder.encode(password),
    'PBKDF2',
    false,
    ['deriveKey']
  );

  const key = await crypto.subtle.deriveKey(
    {
      name: 'PBKDF2',
      salt,
      iterations: 310000,
      hash: 'SHA-256'
    },
    keyMaterial,
    { name: 'AES-GCM', length: 256 },
    false,
    ['encrypt']
  );

  const iv = crypto.getRandomValues(new Uint8Array(12));
  const ciphertext = await crypto.subtle.encrypt(
    { name: 'AES-GCM', iv },
    key,
    fileBuffer
  );

  return { salt, iv, ciphertext };
}

A few things I learned the hard way:

The IV matters more than most tutorials imply. AES-GCM is an authenticated encryption scheme. The 96-bit IV must be random and unique per encryption operation — reusing an IV with the same key is a catastrophic failure that can expose the key stream entirely. crypto.getRandomValues is the right call here.

GCM gives you integrity checking for free. The authentication tag appended to the ciphertext fails verification if anyone tampers with even a single bit. No separate HMAC step needed.

PBKDF2 iteration count matters. 310,000 iterations is OWASP's current recommendation for PBKDF2-SHA256. I started with 100,000 — fine for 2020, outdated today. The slowdown is a few hundred milliseconds on weak hardware. Worth it.

What I didn't expect: streaming large files

The naive implementation — file.arrayBuffer() then encrypt the whole thing — works great until someone tries to upload a 2GB video. Then the tab crashes.

I rewrote the encryption layer to use the Streams API. Read the file in chunks, encrypt each chunk, stream the encrypted data directly to the upload. This was one of the harder parts:

async function* streamEncryptChunks(file, key) {
  const CHUNK_SIZE = 5 * 1024 * 1024; // 5MB
  let offset = 0;

  while (offset < file.size) {
    const slice = file.slice(offset, offset + CHUNK_SIZE);
    const buffer = await slice.arrayBuffer();
    const iv = crypto.getRandomValues(new Uint8Array(12));

    const encrypted = await crypto.subtle.encrypt(
      { name: 'AES-GCM', iv },
      key,
      buffer
    );

    yield { iv, data: new Uint8Array(encrypted) };
    offset += CHUNK_SIZE;
  }
}

Each chunk gets its own IV. Using the same IV across chunks would be a vulnerability — an attacker could compare ciphertext blocks to learn something about repeated plaintext patterns.

In production there's more to it: multipart uploads, a Web Worker for crypto so the UI doesn't freeze, upload progress tracking.

The URL fragment trick

The zero-knowledge design depends on the #fragment portion of the URL never being sent to servers. Browsers don't include it in HTTP requests.

When a user uploads and sets a password, key material is encoded into the URL fragment:

https://fileshot.io/f/abc123#keydata=...

Anyone with the full URL can decrypt in their browser. Anyone intercepting only the HTTP traffic gets nothing useful. The server storing the encrypted blob has no idea what's in it.

This pattern is well-established — Keybase used it, some Signal features use it — but implementing it from scratch teaches you exactly why it works.

Things I'd do differently

Argon2 instead of PBKDF2. Argon2id is memory-hard and significantly more resistant to GPU cracking. PBKDF2 is fine and widely supported, but if starting over I'd use Argon2 via WebAssembly. No native Web Crypto API support means shipping a WASM module — worth the tradeoff for a new project.

Separate the encryption key from access control. The current design couples "the key to decrypt" with "permission to access." A cleaner design uses asymmetric key wrapping — the file's AES key encrypted with the recipient's public key. But that requires accounts, which adds friction most casual users won't accept for a simple file share.

A real cryptographic audit before launch. I self-audited, which is the worst kind of audit. I'm too close to the code to catch subtle issues in my own mental model.

If you're building something with client-side crypto, crypto.subtle is more capable than I expected. The biggest hurdles were streaming large files without crashing the browser and understanding exactly when GCM's authentication tag is computed and verified.

The project is at fileshot.io — unlimited free file sharing, no account needed, encrypted in your browser before upload. Questions or pushback on the crypto choices welcome in the comments.

How I Built Zero-Knowledge File Sharing Using the Web Crypto API (No Server Ever Sees Your Data)

Graysoft Dev — Wed, 04 Mar 2026 21:15:35 +0000

When I built FileShot, I had one hard requirement: the server must never be able to read a user's file — ever.

Not encrypted at rest by a key the server holds. Not TLS. I mean genuinely zero-knowledge: the encryption key is generated in the browser, used in the browser, and never transmitted anywhere.

Here's how I did it using the Web Crypto API.

Why Zero-Knowledge?

Most file sharing services say "your files are encrypted" — but they mean encrypted with their key. If their database leaks, or a subpoena hits, all your files are exposed. True zero-knowledge means even the developer can't read the files.

The Web Crypto API is built into every modern browser and gives us access to hardware-backed cryptography. No npm packages, no external dependencies.

The Encryption Flow

Step 1: Generate the Key

const key = await crypto.subtle.generateKey(
  { name: 'AES-GCM', length: 256 },
  true,
  ['encrypt', 'decrypt']
);

AES-GCM is authenticated encryption — it provides both confidentiality and integrity. If anyone tampers with the ciphertext, decryption will fail.

Step 2: Encrypt the File

async function encryptFile(file, key) {
  const iv = crypto.getRandomValues(new Uint8Array(12));
  const fileBuffer = await file.arrayBuffer();
  const ciphertext = await crypto.subtle.encrypt(
    { name: 'AES-GCM', iv },
    key,
    fileBuffer
  );
  return { ciphertext, iv };
}

The IV (initialization vector) must be unique per encryption — never reuse an IV with the same key. crypto.getRandomValues() is cryptographically secure.

Step 3: Share the Key — In the URL Fragment

Here's the clever part: the decryption key needs to reach the recipient, but can't go through the server. We embed the exported key in the URL fragment (the # part):

const exported = await crypto.subtle.exportKey('raw', key);
const keyHex = Array.from(new Uint8Array(exported))
  .map(b => b.toString(16).padStart(2, '0'))
  .join('');

const shareUrl = 'https://fileshot.io/d/' + fileId + '#' + keyHex;

Why the fragment? URL fragments are never sent to the server in HTTP requests. The server sees /d/FILE_ID — it never sees the #KEYHEX part. This is a standard technique for client-side key transport.

Step 4: Decrypt on Download

When someone opens the share link, the decryption key is read from window.location.hash — entirely in-browser:

async function decryptFile(ciphertext, iv, keyHex) {
  const keyBytes = new Uint8Array(keyHex.match(/.{2}/g).map(b => parseInt(b, 16)));
  const key = await crypto.subtle.importKey(
    'raw', keyBytes,
    { name: 'AES-GCM', length: 256 },
    false,
    ['decrypt']
  );
  const plaintext = await crypto.subtle.decrypt(
    { name: 'AES-GCM', iv },
    key,
    ciphertext
  );
  return plaintext;
}

What the Server Actually Stores

The server stores only:

The encrypted ciphertext (AES-256-GCM)
The IV (not secret — required for decryption, safe to store)
File metadata (original filename, size, expiry, upload timestamp)

It never has:

The plaintext file content
The decryption key
Any way to derive the key

Even if you subpoena FileShot, there is nothing to hand over.

Browser Compatibility

The Web Crypto API is supported in all modern browsers: Chrome 37+, Firefox 34+, Safari 11+, Edge 12+. It is only available in secure contexts (HTTPS or localhost).

Try It Yourself

You can see this in action at FileShot.io — upload any file and the generated share link contains the decryption key in the URL fragment. Open DevTools Network tab and confirm the key never appears in any request.

The full encryption/decryption happens under 50ms even for multi-megabyte files, thanks to AES-GCM's hardware acceleration via AES-NI instructions on modern CPUs.

Zero-knowledge architecture is one of those things that sounds complicated but is surprisingly approachable with the Web Crypto API. If you're building any kind of file sharing, messaging, or notes app and care about user privacy, this pattern is worth adding to your toolkit.

Questions or feedback? Drop them in the comments.

Indie-operated tech and gaming news — no paywalls, no sponsored content (iByte)

Graysoft Dev — Tue, 03 Mar 2026 15:45:16 +0000

Why I started iByte

The big tech news sites have become corporate PR machines. Too many articles are just rewritten press releases. Too much "sponsored content" mixed in with actual news.

iByte is indie-operated tech and gaming news for developers and enthusiasts who want real coverage without the noise.

What we cover

Developer tools and open source releases worth knowing about
Indie game launches and updates
AI/ML news that actually affects developers
Security vulnerabilities and patches
Hardware releases relevant to devs and gamers
Startup news in the indie/developer space

What we don't do

Paywalls
Sponsored "journalism"
Cookie consent walls on the homepage
AI-generated content or scraped summaries

The site is updated daily. Everything is written or curated manually. If it makes it to iByte, I've read it and think it's worth your time.

Follow the latest

https://ibyte.site

RSS feed available. If you're tired of mainstream tech media, give it a look.

Automated crypto trading bots at $1/month per bot — no coding required (ZipDex)

Graysoft Dev — Tue, 03 Mar 2026 15:39:29 +0000

The problem with existing crypto bots

Most crypto bot platforms either:

Cost $50-200/month
Lock you into their preset strategies
Require you to set up and run your own infrastructure

ZipDex is different: $1/bot/month, full strategy customization, fully hosted.

What ZipDex is

A platform to build, configure, and run automated crypto trading bots. No coding required.

What you can do

Build bots with a visual strategy builder — set entry/exit conditions, stop-loss, take-profit
Backtest strategies against historical data before going live
Monitor bot performance in real-time
Run multiple bots on different trading pairs simultaneously
Works with major exchanges (Binance, Coinbase, Kraken)

Pricing model

$1/bot/month. Flat fee. No percentage of profits taken.

Running 5 bots costs $5/month total. That's it.

Try it

https://zipdex.io

Free trial available. If you've been trading manually and want to automate your strategies without paying enterprise prices, this is built for you.

A marketplace for buying and selling indie developer projects (iStack)

Graysoft Dev — Tue, 03 Mar 2026 15:39:06 +0000

The problem on both sides

As a developer who abandons projects: You put real work into something, then move on. That code sits on GitHub doing nothing.

As a developer who wants a head start: You want to build something but don't want to start from zero. Working code is worth money.

iStack connects both sides.

What iStack is

A marketplace for indie developers to buy and sell small software projects. Not enterprise acquisitions — side projects, tools, small SaaS apps, browser extensions.

Price range: $50 to $5,000.

For sellers

List your project and set your price
Get fair value for work you've already done
Transfer ownership securely through the platform

For buyers

Start with working code, not just an idea
Browse by tech stack, category, or revenue
Ask questions before buying

Try it

https://istack.site

If you've got a project collecting dust, it might be worth more than you think.

Skip the SaaS foundation work: auth, payments, and user management pre-built (DiggaByte)

Graysoft Dev — Tue, 03 Mar 2026 15:33:02 +0000

The problem

Building a new SaaS from scratch? You'll spend the first 2-4 weeks just wiring up:

User authentication (email + OAuth)
Stripe subscription billing
Email notifications
Admin dashboard
User roles and permissions
Database schema and migrations

Before writing a single line of actual product code.

What DiggaByte is

DiggaByte is a set of production-ready SaaS boilerplate templates. You pick your stack, buy once, and skip the foundation phase entirely.

What's included

User auth (email/password + Google/GitHub OAuth)
Stripe billing (subscriptions + one-time payments)
Admin dashboard with user management
Email via Resend/SendGrid with templates
Feature flags and role-based access
Onboarding flow
Database migrations

Available stacks

Next.js + Prisma + PostgreSQL
Express + React + MongoDB
More being added

Try it

https://diggabyte.com

One-time purchase, lifetime updates. If you're about to build your nth SaaS and reinvent the same wheel again, take a look.

I built a free SEO auditor that checks 100 pages — no signup required (SEODoc)

Graysoft Dev — Tue, 03 Mar 2026 15:32:35 +0000

Why I built SEODoc

I kept paying $100+/month for SEO tools, or hitting 3-page free limits and then a paywall. So I built my own.

SEODoc audits up to 100 pages of any website for free. No account needed.

What it checks

Meta titles and descriptions (missing, too long, duplicate)
H1/H2/H3 heading structure
Image alt text coverage
Internal and external link analysis
Page speed signals
Canonical tags and redirect chains
Mobile-friendly indicators

How it works

Enter a URL, hit go. SEODoc crawls up to 100 pages and returns a full report. Export as PDF or JSON.

Who it's for

Indie developers checking their own sites
Freelancers doing quick audits for clients
Anyone wanting actionable SEO data without enterprise pricing

Try it

https://seodoc.site

No credit card. No signup. Just paste your URL and go.

Free AI coding assistant in your browser — no signup, no install (Pocket guIDE)

Graysoft Dev — Tue, 03 Mar 2026 15:25:46 +0000

What is Pocket guIDE?

Pocket guIDE is a free AI coding assistant that runs entirely in your browser. No signup. No install. No cost.

The problem it solves

Most AI coding tools create friction before you start:

Create an account first
Set up an API key
Install a plugin or extension
Pay monthly to unlock features

Pocket guIDE removes all of that.

What you can do

Ask coding questions in plain English
Get code snippets explained line by line
Debug errors by pasting them in
Generate boilerplate for common patterns
Works on any modern browser

Try it free

https://pocket.graysoft.dev

No login required. Good for quick sessions when you don't want to spin up a full IDE.

I built a local LLM IDE that works completely offline — guIDE

Graysoft Dev — Tue, 03 Mar 2026 15:24:13 +0000

What is guIDE?

guIDE is a local LLM IDE that lets you run AI coding models completely offline on your own hardware. No API keys, no subscription, no data leaving your machine.

Why I built it

Every AI coding tool I tried had the same problems:

Monthly fees ($20-100/month)
Your code goes to someone else's server
Hard dependency on external API uptime

guIDE eliminates all three. Download a model once, run it locally forever.

What it does

Chat with a local LLM about your code
Inline code completions and explanations
Works with any GGUF model (Mistral, LLaMA, CodeLlama, Phi, etc.)
Fully offline after initial model download
No usage limits, no subscription

Try it free

No login required. Just download and run.

https://graysoft.dev

What local models are you running for coding? Would love to compare notes.