InstantCryptor – file encryption for everyone

 In CloudRail

Cloud services with their ubiquitous accessibility and distribution of data provide opportunities for most comfortable data storage, yet privacy and security of the data you upload lies completely in the hands of the cloud provider. Solutions like BoxCryptor address this issue, yet installation of at least one program on your local computer is required. Depending on which computer you work on this might not only be time consuming but also impossible due to administrative restrictions.

This is where we, CloudRail, decided to step in and provide a browser-based tool that allows encrypting and uploading files as well as downloading and decrypting these files with just a few clicks. Using our CloudRail JavaScript SDK which provides easy access to different cloud services via a single interface, it was a matter of a day to build  a web-app that can be found at

How It Works

After the user has chosen and logged in to a cloud service of their choice, the app checks if a dedicated folder for encrypted files is already present. If this is not the case, a new folder is created and initialized with a text file that refers to the tool’s website (in case you have encrypted files in your cloud storage but don’t remember where to decrypt them). After, the user is presented with a field to enter a password and then the possibility to select a file. The password will be hashed with the SHA256 algorithm, the mode for encryption is 256 Bit Rijndael/AES (CBC mode). The file Blob will be read as an ArrayBuffer and fed into the encryption function. The result is then uploaded to the chosen cloud service. The uploaded files are displayed in the tool and decryption works accordingly. The code of the main JavaScript file is unminified and the interested developer can have a look at it, the main action happens in the last two functions at the end of the file.

In case this made you curious and you consider using CloudRail for your own app, head over to and have a look at the documentation, sign up and get your own free copy.


The padding used for the AES-CBC. Random information at the beginning increases entropy of the encrypted file.


After the initial release we got a lot of feedback which was mostly positive, yet one thing related to security and usability was mentioned multiple times: when you download one of your encrypted files and enter the wrong password, you’d just get gibberish because the decrypter fails without the proper password, yet cannot tell you that it did. The same thing would happen if the encrypted file had been modified. After discussing multiple ways of securing authenticity and integrity of the encrypted file, we decided to modify encryption and decryption as follows: instead of encrypting just the plain text with AES256-CBC we now append the SHA256 of the whole plain text to it before encryption (which makes the encrypted file 32 bytes bigger than before). Accordingly, after downloading a file we decrypt it and check if the last 32 bytes of the decrypted message are the same as the SHA256 of the preceding bytes. If this fails (either because the encrypted message or the encrypted hash have been changed or because a wrong password was entered for decryption) the user is notified and can download the file again (with the correct password).

The changes are online, files that have been encrypted before the change can still be properly decrypted, yet we recommend reuploading for best user experience.



Do you store my Dropbox or Google password?
No, we do not transfer or store any of your data on our server. All functionality happens locally in your browser. Feel free to double check this in the source code.

Are my files transferred via your server?
No, the application runs in your browser and communicates directly with Dropbox or Google.

Receive our newsletter

  • Get updates about CloudRail
  • Read about new Services
  • Get insights in IoT and Cloud topics

Start building today

Recent Posts