Get 1Cryptor
ZERO-KNOWLEDGE FILE SECURITY

Your files. Encrypted.
Only you have the key.

1Cryptor turns every file into unreadable ciphertext before upload using a Rust encryption engine. Not your key, not your data.

AES-256-GCM Argon2id RSA-4096 5 MB Chunking
Download on the App Store Learn how it works
Vault StatusProtected
EncryptionActive
BackdoorNone

0

Bit key strength for AES data encryption.

0

Bit RSA key wrapping for master key protection.

0

MB Argon2id memory-hard defense against brute force.

0 MB

Per encrypted chunk with unique nonce and tag.

How 1Cryptor Protects You

Everything critical happens locally on your device before any sync operation.

🧩

Split Into Secure Chunks

Files are split into 5 MB blocks. Each block is encrypted independently for performance and cryptographic isolation.

🛡️

Encrypt On Device

Content, names, and metadata are encrypted locally with AES-256-GCM and authenticated with a 16-byte tag.

🔑

Only Your Password Unlocks

Your password derives keys using Argon2id and unlocks the private key needed to unwrap the master key.

☁️

Bring Your Own Cloud

Store encrypted data in your iCloud Drive or Google Drive. The cloud sees encrypted blobs, never plaintext.

Encryption Flow

A complete cryptographic pipeline from password entry to secure cloud storage.

01

Password Input

Argon2id v1.3 derives a hardened key with 128 MB memory, 4 iterations, 4 lanes.

02

Private Key Access

The derived key unlocks your RSA-4096 private key secured by OAEP-SHA256 logic.

03

Master Key Unwrap

A random 256-bit master key is recovered and used only in-memory for encryption operations.

04

Chunk Encryption

Each 5 MB chunk receives a fresh 12-byte nonce and is encrypted with AES-256-GCM.

05

Encrypted Sync

Only encrypted chunks, encrypted names, and encrypted metadata are synced to cloud storage.

How Files Are Encrypted

Every file is protected in layers so confidentiality and integrity stay strong end to end.

1. Key Derivation

Your password never becomes an encryption key directly. Argon2id derives a hardened key using 128 MB memory, 4 iterations, and parallel lanes.

Argon2id Salted Memory-Hard

2. Master Key Protection

A random 256-bit master key encrypts your data. This master key is wrapped with RSA-4096 + OAEP-SHA256, so only your private key can unwrap it.

RSA-4096 OAEP-SHA256 Private Access

3. Content Encryption

Each data block is encrypted with AES-256-GCM using a unique 12-byte nonce and validated with a 16-byte authentication tag.

AES-256-GCM 12B Nonce 16B Tag

4. Metadata Protection

File names, extensions, and metadata are encrypted too. Storage providers only see encrypted objects, not meaningful labels.

Encrypted Names Encrypted Metadata Zero Knowledge

How Videos Are Split and Encrypted

Large videos are chunked into secure parts for speed, reliability, and cryptographic isolation.

01

5 MB Chunking

A video is split into 5 MB chunks so encryption and upload run in parallel with better resilience on unstable networks.

02

Per-Chunk Nonce

Every chunk gets a fresh nonce before AES-256-GCM encryption. Nonce reuse is prevented by design.

03

Per-Chunk Authentication

Each encrypted part carries its own tag. Modified or corrupted chunks fail authentication immediately.

04

Secure Reassembly

Chunks are validated and decrypted in order, then reassembled only on authorized devices with the right key material.

Chunk 01AES
Chunk 02AES
Chunk 03AES
Chunk 04AES
Chunk 05AES
Chunk 06AES
Chunk 07AES
Chunk 08AES
Encrypted Vault Stream

Technology Stack

Rust cryptography engine with Swift integration through C ABI.

AES-256-GCM

let cipher = Aes256Gcm::new(key);

nonce: 12 bytes / tag: 16 bytes

  • Mode: Authenticated Encryption
  • Key Size: 32 bytes
  • Applied To: Content + Names + Metadata

Argon2id

let params = Argon2id(128MB, 4, 4);

  • Version: 1.3 (0x13)
  • Memory: 131072 KiB
  • Purpose: Password-Based Key Derivation

RSA-4096 + OAEP

use rsa::{Oaep, Sha256};

  • Key Size: 4096 bits
  • Operation: Master Key Wrapping
  • Padding: OAEP-SHA256

Chunking Engine

const CHUNK_SIZE = 5 * 1024 * 1024;

  • Chunk Size: 5 MB
  • Nonce Rule: Unique Per Chunk
  • Result: Fast + Safer Large File Sync

Why 1Cryptor

Designed for people who want maximum privacy without giving up convenience.

Zero Knowledge

Your password and keys stay on your device. We cannot decrypt your files.

Own Your Storage

Use your own cloud provider, keep your own control, avoid vendor lock-in.

Free Starter Vault

Start with one free vault and secure your most important files immediately.

Multi-Device Ready

Access encrypted files on your devices while preserving end-to-end protection.

Privacy by Architecture, Not by Promise

Minimal data principles are built into product logic, not marketing slides.

We Never Collect

  • ✖ Passwords
  • ✖ Encryption keys
  • ✖ File content
  • ✖ Plain filenames or metadata

Limited Data We May Process

  • ✔ Apple/Google account data for cloud APIs
  • ✔ Subscription and purchase state
  • ✔ Anonymous crash and diagnostic signals
Read Privacy Policy Read Terms of Service

Encrypt first. Sync second. Breathe easy.

Join people who refuse to hand over private files in plaintext.

Download on the App Store