axew3.com

axew3.com

Unicorn w3mypgp – Secure Binary Vault – encrypt decrypt

Note that GEMINI has been released!

Hybrid vs. Pure Asymmetric

  • Unicorn (v6): It mainly used pure RSA for encryption. RSA can only encrypt small amounts of data due to its key size.
  • Gemini (v7): RSA-OAEP is used to encrypt a randomly generated AES-256 session key. This combines the secure key exchange of RSA with the speed of AES for the file content.
Gemini w3mypgp | JS RSA-OAEP & AES-GCM Hybrid Encryption

🦄 w3mypgp v6 UNICORN:

  1. The “Ghost” Architecture (Private IIFE)
  • The Feature: The entire engine is wrapped in an Immediately Invoked Function Expression.
  • The Security: Variables like password, fileBuffers, and keys are invisible to the browser’s developer console (F12). While the script runs in a secure browser stack, a compromised device could still monitor screen activity. If you suspect that your device is infected, then it is recommended never copying your password or private key to the clipboard; keep it within the app’s secure session for maximum protection.

2. 700,000-Round Hardening (PBKDF2-HMAC-SHA512)

  • The Feature: Key derivation uses 700k iterations with a 512-bit hash.
  • The Security: This exceeds 2026 industry standards (600k). This creates a mathematical “time-lock” that protects your data against GPU and ASIC brute-force attacks. When combined with a long, strong password, your archive becomes virtually impossible to crack—now and in the future.

3. Background Thread Isolation (Web Workers)

  • The Feature: Heavy binary packing and AES-GCM math are offloaded to an Inline Blob Worker.
  • The Security: This separates the “sensitive work” from the UI thread. It prevents “UI Freezing” and ensures the [Preloader] continues to spin, while isolating the cryptographic process in its own memory space.

4. Zero-Copy Memory Management (Transferables)

  • The Feature: Uses Transferable Objects to “hand over” 500MB+ buffers between threads.
  • The Security: Unlike standard postMessage which copies data, this moves it. Once transferred, the data is physically deleted from the original thread’s RAM, leaving no “ghost” copies for memory scrapers.

Three-Minute Shredder ( still not added on first 6.0 UNICORN )

5. The “Three-Minute Shredder” (Auto-Self-Destruct)

  • The Feature: A background inactivity timer resets the app after 180 seconds.
  • The Security: It kills the Worker, revokes Blob URLs, and wipes all UI fields. This protects the data if a user walks away from their device without closing the tab.

6. Custom Binary Packing (Authenticated Archive)

  • The Feature: A custom “Tarball” header [Count][Timestamp][NameLen][Name][Size][Data] inside AES-GCM.
  • The Security: Filenames and dates are encrypted within the binary blob. AES-GCM (Galois/Counter Mode) provides AEAD, meaning if even one bit of the file archive is altered, decryption will fail (Integrity Protection).

7. Forensic Memory Wiping

  • The Feature: Immediate variable nulling and input.value clearing after every operation.
  • The Security: Minimizes the “RAM footprint.” The plain-text password and file data exist in memory for the absolute minimum time required to process them.

8. Physical “Key File” Support

  • The Feature: Direct password loading from .txt or .key files.
  • The Security: Bypasses the System Clipboard and Keyboard loggers, preventing other smartphone apps from “sniffing” the password during input.

V6 Status: 🛡️ 9.9/10 Security
License: 📄 GPLv3 (Open Source & Auditable)

try it – online encrypt decrypt files using w3mypgp.html

To “wrestle the world from fools,” you need an unbreakable foundation. This engine uses a Hybrid Cryptosystem designed to stand for years:

  • AES-256-GCM (Symmetric): The Gold Standard for file encryption. With 256-bit security, your content is protected by the same level used for “Top Secret” communications.
  • RSA-OAEP (Asymmetric): A mathematically superior method for key exchange. OAEP is resistant to modern padding attacks, ensuring your keys remain strictly yours.
  • Integrity Verified: Using GCM mode means every bit is tamper-proof. If anyone touches your data, the engine knows.

In a world of centralized servers, Unicorn w3mypgp is a Zero-Knowledge fortress.

  • Local Execution: Everything happens in your browser stack.
  • Zero-Trust: Your private keys and files never leave your system.
  • Future-Proof: Built on native Web Crypto APIs, this engine is ready for the browsers of tomorrow.

Download the last w3mypgp

How to here:

Secret encrypted storage of network files and messages