Encrypt anything. Trust no server.

Lock text, rich formatting and images behind a password using AES-256. All encryption happens locally on your device — there is no account, no upload, and nothing for anyone to leak.

Zero-knowledge
Client-side only
No tracking
Keeps your layout & images

Type or paste your message, add a password, and lock it.

Your message Formatting and images are supported

Attachments are encrypted into a downloadable .ghost file.

Password / key Used to derive your AES-256 key

Tip: there is no way to recover a lost password — store it safely.

Output

Your encrypted block will appear here, ready to copy and paste anywhere.

How GhostType keeps you safe

AES-256-GCM

Authenticated encryption with a 256-bit key. If a single byte of the message is altered, decryption fails loudly instead of returning garbage.

Keys from your password

Your password is stretched into a key with PBKDF2 (250,000 SHA-256 rounds) over a random salt — slowing brute-force attempts.

Nothing leaves the page

All cryptography runs in your browser via the audited Web Crypto API. No servers, no logging, no analytics. Works offline.

Built for the web

Encrypted blocks are plain text you can paste into email, chat or docs. The same engine will power the upcoming Firefox & Chrome extensions.