logo hsb.horse

Pixel Cipher (PNG Envelope Encryption)

Encrypt images locally with password-based envelope encryption and embed restore metadata in a PNG tEXt chunk for automatic decryption.

Protect previews before sharing. AES-GCM wraps the data key, AES-CTR masks RGB pixels, and the restore recipe stays inside the PNG. Everything runs offline in your browser.

1. Upload image

Select an image to encrypt or decrypt

2. Set a master password

2. Set a master password

PBKDF2 + AES-GCM wraps a random AES-CTR data key, then each pixel's RGB values are XOR-masked. Transparent pixels are skipped to keep silhouettes intact.

Encrypted PNGs store the salt, IVs, and wrapped key in a tEXt chunk so decrypt mode is auto-detected when you re-upload.

3. Export

3. Export

Waiting for an image

Pixel cipher preview

Upload an image to start

Use cases

Share previews without leaking originals

Send an encrypted teaser image that only collaborators with the password can recover.

Protect work-in-progress assets

Keep design comps in chats while preventing accidental reuse or spoilers.

Deliver instructions with the file

The PNG tEXt chunk ships salt, IVs, and wrapped keys so recipients can decrypt without extra manuals.

Pro tips

  • Use a long passphrase; PBKDF2 with 100k iterations strengthens the key derived from your password.
  • Transparent pixels stay untouched. Add a solid background if you need every pixel fully masked.
  • Re-upload the encrypted PNG once to confirm decrypt mode is detected before sharing it.

Tools

On-device envelope encryption (PBKDF2 + AES-GCM/CTR)

tEXt chunk metadata auto-detects decrypt mode

Skips transparent pixels to preserve silhouettes

No uploads — everything stays in your browser

How to use

  1. 1

    Upload any image

    PNG, JPEG, and WebP work. Encryption always exports as PNG to carry metadata.

  2. 2

    Set a strong password

    The tool derives an AES-GCM key (KEK) from your password and wraps a random 256-bit AES-CTR data key.

  3. 3

    Let the pixels process

    RGB channels are XOR-masked with a keystream. Transparent pixels are skipped to preserve outlines.

  4. 4

    Download the encrypted PNG

    Salt, IVs, wrapped key, and original MIME are saved into a tEXt chunk alongside the pixels.

  5. 5

    Test decryption once

    Reopen the saved PNG, enter the password, and verify the preview restores before sending it out.

Frequently Asked Questions

Do images leave my browser?
No. All encryption and decryption run locally via the Web Crypto API. Files are never uploaded or tracked.
What formats are supported?
Any format your browser can open for preview. Encrypted exports are always PNG; decrypting restores using the stored original MIME when possible.
What happens to transparency?
Transparent pixels are skipped during masking so silhouettes remain. During encryption, the alpha channel is set to 255 to avoid RGB corruption when saving.
How is the key derived?
PBKDF2 with 100,000 iterations creates the KEK from your password. A random AES-CTR key is wrapped by AES-GCM with its IVs and salt stored in the PNG.