-
Notifications
You must be signed in to change notification settings - Fork 1
Home
Zefer is a 100% client-side encryption tool that turns text and files into password-protected .zefer files using AES-256-GCM. Everything happens in your browser — no server ever stores, processes, or transmits your data. It is free, open source (MIT), and created by José Carrillo.
- Live app: https://zefer.carrillo.app
- Repository: https://github.com/carrilloapps/zefer
- CLI companion: https://github.com/carrilloapps/zefer-cli
- LLM context: https://zefer.carrillo.app/llms.txt
Files created by the web app, the CLI, and the library are fully cross-compatible — identical binary format and cryptographic parameters.
flowchart LR
subgraph YOU["Your device (browser / CLI / app)"]
A["Text or file"] --> B["Lock with AES-256-GCM<br/>key from your passphrase"]
B --> C[(".zefer file")]
end
C --> D["Share anywhere<br/>(email, chat, drive)"]
D --> E["Recipient's device"]
E -->|"passphrase"| F["Original text or file"]
Nothing is uploaded — see How It Works for the step-by-step algorithm and diagrams, and the Glossary if any term is new.
- Zero-knowledge & client-side. Encryption and decryption run entirely in the browser via the Web Crypto API. Passphrases and keys never leave your device. There are no accounts, cookies, or trackers.
- Authenticated encryption. AES-256-GCM with PBKDF2-SHA256 key derivation (300k / 600k / 1,000,000 iterations).
- Security metadata is sealed inside the ciphertext. Expiration, IP allowlist, secret question, and max-attempts live inside the AES-256-GCM payload — not in the public header — so they cannot be read or tampered with without the passphrase.
-
Four channels, one format. Use Zefer from the web app, the CLI, an MCP server for AI agents, or as a Node.js library — all producing the same
.zeferfiles.
- Getting Started — encrypt and decrypt your first secret.
- How It Works — the end-to-end flow, step by step.
- Security Architecture — the cryptographic model in detail.
| Topic | Page |
|---|---|
| Cryptography & key derivation | Security Architecture |
.zefer binary layout |
Binary File Format |
| Expiration, dual key, reveal key, IP, secret question | Security Features |
| Encrypt/decrypt via the URL | URL Parameters |
| Command line | CLI |
| AI agents (Model Context Protocol) | MCP Server |
| Programmatic Node.js API | Library |
| Password generation & strength analysis | Password Generator and Analyzer |
Inspect any .zefer without the passphrase |
.zefer File Analyzer |
| Install, PWA, self-hosting | Install and Self-Hosting |
| Stack, structure, theming | Architecture and Tech Stack |
| Privacy, GDPR/CCPA/LGPD | Privacy and Compliance |
| Develop & contribute | Contributing |
| Copy-paste recipes for real tasks | Examples and Recipes |
| Fix a problem | Troubleshooting |
| Common questions | FAQ |
| How Zefer compares to other tools | Comparisons |
| Versioning & release process | Releases and Versioning |
| Plain-language definitions of every term | Glossary |
MIT © José Carrillo. See the repository LICENSE.
📖 New to the terminology? Every technical word in this wiki is defined in plain language in the Glossary.
📖 New to a term? See the Glossary. · Zefer · Repository · CLI · MIT © José Carrillo
Guides
- Getting Started
- How It Works
- Examples and Recipes
- Install and Self-Hosting
- Comparisons
- Troubleshooting
- FAQ
Security
Channels
Tools
Project
Reference