induwara.lk
induwara.lkEnd-to-end encrypted · Read-once

Send a self-destructing file — encrypted, no signup

Upload any file up to 3 MB, get a one-time link, and the file is encrypted in your browser before it ever leaves. The recipient downloads once; the encrypted blob is destroyed. We never see the file, the key, or the contents. Free, no account, no email.

By Induwara AshinsanaUpdated May 31, 2026
End-to-end encrypted in your browser · 3 MB max

Auto-destruct after

How it works

When you choose a file and click Create one-time file link, your browser generates a random AES-256 key with the native Web Crypto API and places it in the part of the URL after the # — the URL fragment, which browsers never transmit to any server. The file's bytes are encrypted locally with that key before they leave your device, so what reaches our server is opaque ciphertext we have no way to decrypt.

The link you share has two parts: the session identifier (which we know) and the decryption key (which only you and the recipient know, because it's in the fragment). When they open it, their browser downloads the encrypted blob, uses the key from their URL to decrypt it locally, and offers the file as a download. At the same moment, we receive a destroy signal and permanently delete the encrypted blob server-side. No log keeps it. No backup.

That gives you two layers of protection. Read-once means even if someone later finds the link in a chat history, opening it shows nothing — the blob is gone. The server-enforced timer means if no one downloads the file, it still self-destructs after the window you picked. Because we never have the key, there is no point at which a readable copy of your file exists on our side.

The one rule: the link is the key. Anyone who gets the full URL can download the file once. Send it over a channel that's at least somewhat private and prefer the shortest timer that works.

When this is the right tool

  • Sharing a confidential PDF with a lawyer, accountant, or client — without leaving it in your email forever.
  • Sending a screenshot containing sensitive info (an invoice, a private message, ID details) without it sitting in chat history.
  • Handing over a config file, certificate, or key file to a teammate or contractor.
  • One-time delivery of a design draft, contract, or document you don't want forwarded.
  • Replacing email attachments when the file is sensitive — your inbox keeps it forever; this doesn't.

Frequently asked questions

Related tools

Sources & references

File contents are encrypted with AES-GCM-256 via the browser's native Web Crypto API; the key lives only in the URL fragment.

Questions or a bug to report?

Email [email protected].