Encryption at Imageserver.pw

Learn how your files are protected — explained simply and technically.

TL;DR

1

Automatic Encryption

Every file is encrypted immediately upon upload — you don't have to do anything.

2

The Key is in the Link

Your link contains ?key=... — only with this can the file be opened.

3

We Don't Store the Key

Without your link, we (and no one else) can decrypt the file.

How Encryption Works

During Upload

  1. A random password (64 characters) is generated
  2. A random salt (16 bytes) is created
  3. A key is derived from password + salt (scrypt)
  4. Your file is encrypted with AES-256-CBC
  5. Only the encrypted file is stored

During Retrieval

  1. You open the link with ?key=...
  2. The server reads the salt from the encrypted file
  3. The key is reconstructed using your key
  4. The file is decrypted on-the-fly
  5. You see your file — without us ever storing it unencrypted

Why is This Secure?

Bank-Grade

AES-256 is the same algorithm used by banks and governments worldwide.

Random Salt

Each file has its own salt — even identical files look different when encrypted.

Zero-Knowledge

We never store your key. No link = no decryption possible.

Technical Details

Algorithm AES-256-CBC
Key Derivation scrypt (CPU + Memory intensive)
Key Length 256 bits (32 bytes)
Salt 128 bits (16 bytes), random per file
IV (Initialization Vector) 128 bits (16 bytes), random per file
Password Length 64 characters (hex-encoded, 256 bits of entropy)

Encrypted File Format (V2)

Version Salt (16 bytes) IV (16 bytes) Encrypted Data
1 byte 16 bytes 16 bytes Variable

The version byte (0x02) enables backwards compatibility with older encryption formats.

Frequently Asked Questions

Can staff members see my files?

No. Without the key from your link, the file is just unreadable garbage. We never store this key.

What happens if I lose the link?

The file is then irreversibly lost. We cannot recover it without the key.

Is AES-256 really secure?

Yes. To brute-force a 256-bit key with current technology would take longer than the age of the universe. AES-256 is NSA-approved for TOP SECRET documents.

Why scrypt instead of PBKDF2?

scrypt requires significant memory, making brute-force attacks with specialized hardware (GPUs, ASICs) extremely difficult.

Can I use my own encryption?

You can set a personal encryption key in your dashboard. This additionally encrypts your file keys — allowing you to manage all your uploads at a glance.

Ready for Secure Sharing?

Upload your first file and see for yourself.

Upload Now

More documentation: API: Upload via HTTP