GhostFile - Secure File Sharing

Secure, encrypted, and self-destructing file sharing.
Client-side encryption. Zero logs.

1  import { encrypt } from './crypto'
2
3  interface FileConfig {
4    encryption: 'AES-256',
5    access: 'ONE_TIME_ONLY',
6    logging: 'DISABLED',
7    expiry: number
8  }
9
10 export async function shareFile(file: File) {
11   const encrypted = await encrypt(file)
12   const link = generateLink(encrypted)
13
14   // Auto-destruct after first download
15   return { link, status: 'READY' }
16 }

[SECURE MODE]AES-256 ENABLED

$ ls features/

Client-Side Encryption

Files encrypted in browser before upload. Keys never touch our servers.

One-Time Access

Links self-destruct after single download. No second chances.

Zero Log Storage

No metadata, no permanent records. Privacy by default.

Auto-Destruct

Configurable expiry timer. Files vanish without a trace.

Open Source

Fully auditable code. No hidden backdoors. Trust through transparency.

Web3 Ready

Decentralized architecture. Your files, your control.

$ about --info

How It Works

Every note is assigned a randomly generated 256-bit ID and a 256-bit encryption key. The ID is used solely for storing and retrieving the note, while the content is encrypted on the client side using AES-GCM with the generated key.

Only the encrypted data is sent to the server, which stores it entirely in memory without writing anything to disk. Because the server never receives the encryption key, it is technically unable to decrypt any note contents—even if attempted.

Features

•True client-side encryption; the server cannot read note contents
•Optional view limits and expiration timers
•Fully in-memory storage with no persistence

Tech Stack

The backend is built with Rust, and the frontend uses Svelte and TypeScript.

The full source code is available for anyone to inspect, verify, or audit.