Blackhole logo Blackhole

Blackhole Encryption FAQ & Best Practices

Learn more about Blackhole's encryption features and how it works

  • Argon2id Key Derivation: Memory-hard algorithm resistant to GPU attacks
  • AES-GCM Encryption: 256-bit encryption with authenticated encryption mode
  • Random Salt Generation: Each file gets a unique 32-byte salt
  • Dual Key System: Uses both Key Encryption Key (KEK) and Data Encryption Key (DEK)
  • Tag Chaining: Each chunk's authentication tag depends on the previous chunk
  • File Name Scrambling: Optional Base64 encoding of filenames for privacy

Encryption Process

  1. Your password is used with Argon2id to derive a Key Encryption Key (KEK)
  2. A random Data Encryption Key (DEK) is generated and encrypted with the KEK
  3. The file is encrypted in chunks using AES-GCM with the DEK
  4. The result is saved as a .enc file
  • Remember your password: There is no password recovery. If you lose your password, your files cannot be decrypted.
  • Strong passwords recommended: Use at least 12 characters with a mix of uppercase, lowercase, numbers, and symbols.
  • File format: Files are encrypted using standard .enc format with AES-256-GCM encryption.
  • Temporary files: Uploaded files are automatically deleted after 24 hours.
  • Security: Your password never leaves your device. All encryption happens client-side in your browser using industry-standard cryptography.
  • Performance: Large files may take longer to encrypt/decrypt due to the strength of the Argon2id algorithm.

No Warranties

This encryption service is provided "AS IS" with no guarantees or warranties of any kind, express or implied. We make no claims about the service's fitness for any particular purpose.

Password Recovery

We cannot help with password recovery. Your encryption passwords are never saved or stored on our servers. If you lose or forget your password, your encrypted files cannot be decrypted by anyone - including us. Please keep your passwords safe and secure.

User Responsibility

You are solely responsible for:

  • Choosing strong, secure passwords
  • Keeping your passwords safe
  • Backing up your encrypted files
  • Testing decryption before relying on encrypted files

Limitation of Liability

We are not liable for any data loss, corruption, or inability to decrypt files. Always keep backup copies of important files.

What file formats can I encrypt?

Any file format can be encrypted - documents, images, videos, archives, etc. The encrypted file will have a .enc extension.

How large can my files be?

Files can be encrypted up to 1 GB in size.

Can I decrypt files on different devices?

Yes! As long as you have the correct password, you can decrypt your files on any device using the web interface.

What happens to my files after upload?

After you download your encrypted/decrypted file, the temporary files remain on the server for up to 24 hours before being automatically deleted by a background cleanup service.

Is my password stored anywhere?

No. Your password is only used in your browser to perform the encryption/decryption. It never leaves your device and is never sent to the server.

What is filename scrambling?

Filename scrambling encodes your original filename in Base64 format, making it unreadable. This adds an extra layer of privacy to your encrypted files. You can unscramble it when you decrypt.

What if I don't trust storing my files on your server?

All encryption and decryption happens entirely in your browser using client-side JavaScript. Your files are encrypted before being uploaded to the server, so they never exist in plain form on our servers. The server only stores the already-encrypted files temporarily for download, which are automatically deleted after 24 hours. Your password and unencrypted data never leave your device.

An unhandled error has occurred. Reload 🗙