Skip to content

Hashdrop

A zero-trust, command-line file storage tool built in Go. Files are encrypted on your device before upload — the server and storage layer only ever see encrypted blobs. Your plaintext data never touches the server.

How It Works

  1. Encrypt locally — files are encrypted on your machine before anything leaves it
  2. Upload safely — only the encrypted blob reaches cloud storage (AWS S3)
  3. Share a link — recipients get a download URL to access the encrypted file
  4. Decrypt on their end — the recipient uses the shared key or passphrase to decrypt and verify the file

Features

  • Client-side AES-GCM encryption — each file gets its own unique Data Encryption Key (DEK)
  • Integrity verification — plaintext hash stored at upload time so tampering can be detected
  • Local vault — encryption keys stored in an AES-GCM encrypted vault at ~/.hashdrop/vault.enc
  • Passphrase mode — opt out of the vault and manage your own passphrase instead