How to Share Files Securely Online with End-to-End Encryption

· Security guide · Reading time: 4 min

Sharing files online used to mean uploading them to a cloud account, generating a link, and trusting the provider's privacy policy. For sensitive files — contracts, ID scans, source code, personal documents — that's not enough. You want files that only the intended recipient can read.

This guide shows how to share files securely using CloudPaste's built-in end-to-end encryption. No accounts, no installs, and your files are encrypted in your browser before they ever leave your device.

What "end-to-end encryption" actually means

End-to-end encryption (E2EE) means the content is encrypted on the sender's device and decrypted only on the recipient's device. The server in the middle stores ciphertext it cannot read. Even if the server is compromised, the files remain unreadable without the password.

Step-by-step: secure file sharing

Step 1 — Open a fresh channel

Visit cloudpaste.io. A unique channel URL like cloudpaste.io/#/x9f2k1m3 is created.

Step 2 — Enable encryption

Click the 🔑 (key) icon in the top right of the toolbar. Enter a strong password. Use something at least 12 characters long with mixed case, numbers, and symbols.

The password never leaves your browser. The server only stores encrypted bytes — without the password, the data cannot be decrypted.

Step 3 — Upload your file

Switch to the Files tab. Drag and drop a file (or click to select). CloudPaste encrypts the file in your browser using AES‑GCM with a key derived from your password (PBKDF2). Only the encrypted blob is uploaded.

Step 4 — Share the link and the password separately

Send the channel URL through one channel (email, chat) and the password through a different channel (text message, voice call). This way, an attacker who intercepts one cannot decrypt the file.

Step 5 — Recipient downloads and decrypts

The recipient opens the link, enters the password, and the file is decrypted in their browser. The plaintext file is never seen by the server.

Try secure file sharing now

Free, no sign-up, no install. Your files are encrypted in your browser before upload.

Open CloudPaste →

Best practices for secure file sharing

  • Use long, unique passwords. Avoid dictionary words and reused passwords.
  • Send the link and password separately. Different communication channels reduce interception risk.
  • Clear the channel after use. Use the Clear button when the recipient confirms receipt.
  • Verify the recipient. Make sure you're sending to the right person before sharing.
  • Don't reuse channels for different recipients. Create a fresh channel for each transfer.

What CloudPaste cannot protect against

E2EE protects the content during transit and at rest on the server. It does not protect against:

  • A compromised device (malware on your laptop or phone)
  • The recipient sharing the password or files further
  • Weak passwords that can be brute-forced
  • Screenshots or screen recordings on the recipient's device

FAQ

Is the encryption open and verifiable?

Yes. CloudPaste uses the standard browser Web Crypto API (AES‑GCM 256-bit, PBKDF2 with SHA‑256). See the encryption specification for technical details.

Can I share files without encryption?

Yes. If you don't enable the 🔑 icon, files are uploaded normally and accessible to anyone with the link.

What's the file size limit?

Files up to 10 MB are supported per upload.