Upload Encryption

Upload Encryption lets Dropshare encrypt files with AES before they are uploaded to your storage. The person who receives your shared link opens a landing page in the browser; the file is decrypted there and downloaded with its original filename (for example, screenshot.png), while the copy on the server uses an .enc suffix (for example, screenshot.png.enc).

This is useful when you want confidentiality on the server: the storage provider (or anyone with direct access to the bucket) only sees ciphertext, not the original file.

Requirements

Upload Encryption requires a landing page. It is only available for connection types that support landing pages (object storage and protocol-based services such as SCP, SFTP, FTP, and WebDAV). If your connection does not support landing pages, encryption cannot be used for uploads on that connection.

When encryption is enabled for an upload, landing page previews are not available for that upload.

Turn Upload Encryption on or off

Default for all uploads

1. Open Dropshare and go to Preferences.
2. Open the Uploads tab.
3. Find the Upload Encryption section.
4. Enable Encrypt files before uploading.

Per connection

You can override the global setting for a specific connection:

1. Open Preferences → Connections.
2. Click the gear icon for the connection.
3. Use the Upload Encryption control: Use Default, Off, or On.

How sharing works

For each encrypted upload, Dropshare generates a random decryption key and builds a landing page URL that includes it, for example:

https://example.com/your-folder/index.html#dec=YOUR_KEY_HERE

Share that full URL with the recipient. They open it, click Download, and the browser fetches the encrypted file, decrypts it, and saves the original document.

If someone opens the page without the #dec=… part (for example, an old bookmark), the landing page can prompt for the decryption key so they can still download the file if you send the key separately.

Copy the decryption key later

If you use Recent Uploads (or the history menu for an item that was uploaded encrypted), you can copy the decryption key from the context menu (Copy Decryption Key). That extracts the key from the stored URL and puts it on the clipboard—handy if you need to send the key through a different channel than the link.

Security notes

• Anyone with the full link (including the #dec=… fragment) can decrypt the file. Treat the URL like a secret.
• Use HTTPS for your landing page and files when possible so traffic is protected in transit.
• The fragment may still appear in browser history, analytics, or if the link is logged or forwarded. For highly sensitive data, consider additional measures (password managers, separate key delivery, or other tools).
• The decryption key is saved in the upload history database of Dropshare on your Mac, which is not encrypted. The primary use case for this feature is ensuring that the uploaded files cannot be read on the server or by a third party without the decryption key; if a third-party gains access to your Mac, these measures can be circumvented.