Click or drop certificate
You can generate a private key and a corresponding self-signed certificate (with the public key) here.
The certificate is used to encrypt messages for you. You can share your certificate with your friends without hesitation.
The private key is used to decrypt messages that were encrypted with your certificate. Keep this key in a safe place, and do not share it with anybody. For additional safety, the private key is encrypted with a password.
This web app allows you to create S/MIME messages within your browser.
S/MIME is the industry standard for secure e-mail messaging, and supported by most e-mail clients, including Microsoft Outlook, Mozilla Thunderbird, and Gmail. Messages are thereby encrypted, and can only be read by recipients using their private key (end-to-end).
Instead of sending such messages via e-mail, you can also store them as EML files on your computer. Whenever you need to access the encrypted documents, you simply double-click on the EML file to open it with your e-mail client.
The main message text and all attached files (with their filenames) are encrypted as defined by the S/MIME standard.
The subject line, as well as the from and to fields are not encrypted.
Note that the encryption is entirely carried out within the browser. No information is sent to any server.
Messages are encrypted using AES-256-CBC, which is supported by virtually all S/MIME clients.
Regarding certificates and private keys, this tool currently supports RSA up to a key size of 4200 bits.
This depends on your web browser and computer. On a standard desktop computer, up to 500 MB of files will work fine, and take about 2 minutes to encrypt. Some systems can handle up to 1.2 GB of files.
Note that the resulting EML file is about 1.8 times as large as the attached files. This is due to the format specifications of SMIME messages.
Fields may be prefilled using URL switches, e.g.
The following switches are available:
Sets the "from" field to an e-mail address or a certificate.
EMAIL should be of the form
CERTIFICATE is the base64 content of a X.509 certificate file.
CERTIFICATEURL is a HTTP URL pointing to a X.509 certificate. Note that the corresponding server must provide valid CORS headers for this to work.
Sets the "to" certificates. Multiple certificates or certificate URLs may be provided.
Sets the subject.
Sets the message.
Switches the ZIP option on or off.
Switches the meta component info option on or off.
Switches the ASCII filenames option on or off.