Encrypt Files to Send to a Client Over Email

Encrypt a contract before emailing it to a client

You need the client to see a draft agreement, but email it and your provider, their provider, and every relay can read it. Encrypt locally, attach the .aes, deliver the passphrase by phone.

Mode:        Encrypt
Input file:  service-agreement-draft.pdf  (820 KB)
Passphrase:  maple-river-ledger-7

Local steps:
  salt = 16 random bytes
  iv   = 12 random bytes
  key  = PBKDF2(passphrase, salt, 100000, SHA-256)
  ct   = AES-GCM(key, iv, file)  (tag appended)

Downloaded:
  service-agreement-draft.pdf.aes
  bytes = salt(16) + iv(12) + ciphertext+tag

Email the .aes; phone the passphrase to the client.

Client receives and decrypts it

The client opens the same tool — no account needed — switches Mode to Decrypt, drops the attachment, and types the passphrase you read out over the phone.

Mode:        Decrypt
Input file:  service-agreement-draft.pdf.aes
Passphrase:  maple-river-ledger-7

Downloaded:
  service-agreement-draft.pdf   (byte-for-byte original)

Mistyped the passphrase by one character?
  Error: "Decryption failed — wrong passphrase or corrupted file."
  -> just re-enter it; nothing was consumed or corrupted.

Bundle several files into one encrypted attachment

This tool encrypts one file per run with no batch. To send a folder of documents, zip them first, then encrypt the single archive — the recipient unzips after decrypting.

Step 1  zip the deliverables locally:
          onboarding-pack.zip  (id-scan.png, w9.pdf, nda.pdf)
Step 2  Mode = Encrypt, drop onboarding-pack.zip
          -> onboarding-pack.zip.aes
Step 3  Email onboarding-pack.zip.aes
Step 4  Recipient: Decrypt -> onboarding-pack.zip -> unzip

One passphrase protects the whole pack; one attachment to send.

Confirm the client received an untampered file

GCM already rejects a tampered blob outright, but if you want a visible match across the round-trip, fingerprint the original and have the client fingerprint their decrypted copy.

You, before sending:
  run service-agreement-draft.pdf through Multi-Hash Fingerprinter
  sha-256 = 3b8c1a... (read it to the client too)

Client, after decrypting:
  run the decrypted PDF through the same tool
  sha-256 = 3b8c1a...  <- matches -> exact same file arrived

If GCM had rejected a tampered .aes, decryption would have
failed before the client ever saw a file to hash.

Pick a passphrase that survives being spoken aloud

You will dictate this over a phone line. Symbol-heavy passwords get mis-heard; a few hyphenated words travel cleanly and still carry high entropy. Audit it before you commit a file.

Hard to dictate, error-prone:
  "X7$kq!2vP"  -> "was that dollar or pound? caps or lower?"

Rejected outright:
  "acct24"     -> 6 chars -> "Passphrase must be at least 8 characters."

Easy to say, strong, accepted:
  "copper-anchor-violet-quartz"

Tip: paste a candidate into Password Entropy Auditor to check
its bits of entropy before you send a file under it.

A single wrong character means a different derived key, so the GCM auth tag fails to verify and the tool throws Decryption failed — wrong passphrase or corrupted file. Nothing is consumed — the recipient just re-enters the correct passphrase. This is why a few clear hyphenated words beat a string of ambiguous symbols when you have to dictate over the phone.

The tool checks length before doing any crypto. A passphrase under 8 characters throws Passphrase must be at least 8 characters. and nothing is encrypted. It is a hard floor in code, not a warning you can dismiss.

Because AES-GCM is authenticated, any byte changed by a relay, an antivirus rewrite, or a corrupting transfer invalidates the auth tag and decryption fails with the same Decryption failed message. The recipient never gets silently corrupted plaintext — integrity is all-or-nothing, so a failure is your signal to re-send.

Some providers quarantine unrecognised binary attachments. The tool's output is application/octet-stream, which a few filters dislike. If the .aes is stripped, zip it (file.aes -> file.aes.zip) or share it via a cloud-drive link instead and still deliver the passphrase separately. The tool cannot change how a given mail provider treats attachments.

Encryption is pointless if the passphrase rides along in the email body or a reply. Anyone who reads the message reads both halves. Always deliver the passphrase over a different channel — a call, an SMS, a messaging app. This is a workflow rule, not something the tool can enforce for you.

If the recipient forgets to switch to Decrypt, dropping the .aes re-encrypts it into file.aes.aes instead of recovering the original. There is no error — the operation succeeds in the wrong direction. The fix is to set Mode to Decrypt first; the picker then hints .aes files as a reminder.

Files are size-checked before encryption. On Pro the ceiling is 100 MB (Pro + Media 500 MB, Developer 2 GB). Over the limit you get File "<name>" is <size> — exceeds the <limit> limit for your plan. Note most email providers cap attachments around 25 MB anyway, so a large .aes usually needs a cloud-drive link regardless.

Decrypting also requires the Pro plan — the AES-256 Encryptor has a minimum tier of Pro for both directions. On Free a Pro overlay reads AES-256 Offline Encryptor requires the Pro plan. Tell your recipient they need Pro to open the .aes, or decrypt it yourself and re-share through a channel they trust.

Decrypt only strips a trailing .aes to recover the filename. If the recipient saved the attachment as download.bin, decrypt still returns the correct bytes but cannot restore the original name — it just removes a .aes suffix if present. Ask them to keep the .aes suffix so the original filename round-trips.

You can email the same .aes to multiple recipients and give them all the same passphrase — the tool does not bind a blob to a recipient. But a shared passphrase means any one of them (or anyone who phishes it) can open the file. For genuinely different recipients, encrypt separate copies under separate passphrases.