Your files. Your keys.
Zero knowledge.

End-to-end encrypted file sharing that even we can't read. Everything is encrypted in your browser before it ever touches the server. Self-hosted. Open source.

Self-Host Now → ⭐ View on GitHub

Three steps. Zero trust required.

NyxVault never sees your files. The entire encryption and decryption happens in your browser.

1
🔐

Encrypt

Your file is encrypted in your browser with XSalsa20-Poly1305 and an Argon2id-derived key before it ever leaves your device.

2
📤

Share

Get a unique link. Set an expiry. Optionally enable burn-after-reading for self-destructing files. Share via QR code.

3
🔓

Decrypt

The recipient decrypts in their browser — with a passkey (Face ID / Touch ID / Windows Hello) or a passphrase. Preview images, video, audio, PDFs, and text — all client-side.

Built for privacy. Designed for humans.

Every feature preserves zero-knowledge. The server is deliberately blind.

New
👆

Passkey Decryption

Unlock files with Face ID, Touch ID, or Windows Hello — no passphrase to remember or share. Built on WebAuthn PRF envelope encryption: every registered passkey can open every vault file, and the server never sees a single key. Prefer a passphrase? Still there as an explicit option — zero-knowledge either way.

Zero Knowledge

The server stores only ciphertext. No plaintext, no passphrase, no filename, no content type. We couldn't read your files even if we wanted to.

🔥

Burn After Reading

Self-destruct on first successful decryption. Server-side single-use lock on the ciphertext, with secure overwrite before deletion.

In-Browser Preview

Images, videos, audio, PDFs, and text previewed directly after decryption. No downloads to your disk required.

VirusTotal Scan

Opt-in hash-based malware check. Only the SHA-256 hash is sent — never the file. Clear privacy warning for sensitive files.

📱

QR Code Sharing

Open any download link on your phone by scanning a QR code. Generated client-side with zero external calls.

Open Source

MIT licensed. Audit the code yourself. Self-host in minutes. No accounts, no tracking, no analytics.

Cryptography you can verify.

Every claim is auditable. The code is open, the protocol is documented, the math is standard.

Encryption
XSalsa20-Poly1305
NaCl secretbox · authenticated · 256-bit key
Key Derivation
Argon2id
21 MB memory · 3 iterations · OWASP compliant
Chunking
4 MB Chunks
Handles files up to 5 GB · per-chunk authentication
Format
NYX4
Authenticated binary format · HMAC-protected header · documented in API.md
CSP
Strict
No unsafe-inline scripts · object-src none · frame-ancestors none
Server Trust
Zero
Sees only ciphertext · cannot decrypt · cannot recover passphrases

Ready to share files securely?

No account needed. No tracking. Just encryption.