Encrypt files, then make them vanish inside images

AroCrypt is a security-focused application that combines AES-256 encryption with steganographic techniques to embed encrypted files within standard image formats. It operates without requiring user accounts, installations, or complex configurations, prioritizing direct file protection over secondary features. The tool functions entirely client-side, ensuring zero data transmission to external servers during encryption/decryption processes. Its primary output is innocuous image files (PNG/JPG) containing hidden payloads indistinguishable from regular images.
The core value lies in providing dual-layer security through cryptographic obfuscation (AES) and visual camouflage (steganography), making protected files both inaccessible to unauthorized parties and undetectable as encrypted containers. This approach addresses the limitations of traditional encryption tools that produce identifiable encrypted blobs, which often attract unwanted attention. By merging military-grade encryption with covert storage, AroCrypt enables users to maintain plausible deniability about the existence of protected data.

AES-256-CBC Encryption: Implements the NIST-approved encryption standard with 256-bit keys and cipher block chaining mode, using PBKDF2 key derivation with 100,000 iterations for password hardening. Files are encrypted before being embedded into images, ensuring separate security layers that require both the carrier image and correct passphrase for decryption. The encryption process includes HMAC-SHA256 integrity checks to detect tampering attempts.
Adaptive Steganography: Dynamically adjusts LSB (Least Significant Bit) insertion patterns based on image characteristics, embedding encrypted data across multiple color channels without perceptible quality loss. Supports PNG (lossless) for maximum data preservation and JPG (lossy) for natural-looking camouflage, with automatic format optimization based on payload size. The algorithm maintains standard image dimensions and EXIF metadata to avoid forensic suspicion.
Cross-Platform Execution: Delivers native performance across Windows, macOS, and Linux through WebAssembly compilation, accessible via web browsers without local installations. The open-source architecture allows verification of security implementations and community auditing through published GitHub repositories. Offline capability is ensured through service worker caching, enabling full functionality without internet connectivity after initial page load.

Eliminates the security risk of identifiable encrypted files by concealing protected data within ordinary-looking images that bypass content scanning systems. Traditional encryption solutions create files with recognizable headers (like .aes or .gpg) that signal the presence of sensitive information, whereas AroCrypt outputs standard image formats that blend with regular media collections.
Serves privacy-conscious users requiring discreet data storage, including journalists protecting source materials, businesses safeguarding intellectual property, and individuals securing personal documents. The tool particularly benefits users operating in high-surveillance environments or under restrictive data protection regulations where visible encryption tools might incur legal or administrative scrutiny.
Enables secure data exchange through public channels by allowing users to share sensitive information disguised as casual image uploads on social platforms or cloud storage services. This proves critical for whistleblowers transmitting documents, lawyers sharing case files, or healthcare providers exchanging patient records while maintaining HIPAA compliance through hidden encryption layers.

Unlike standalone steganography tools that lack robust encryption or encryption utilities without concealment features, AroCrypt merges both functionalities in a single workflow. Competitors typically require separate steps for encryption and data hiding, whereas this solution automates the combined process through a unified interface, reducing user error and operational complexity.
Implements rotating bit-depth allocation to prevent steganalysis through frequency-based detection, a technique absent in most open-source steganography tools. The adaptive embedding algorithm varies bit insertion patterns between RGB channels based on image histogram analysis, making payload detection statistically improbable even under advanced forensic examination.
Maintains competitive edge through verifiable security practices, with all cryptographic implementations using audited WebCrypto API calls rather than custom JavaScript code. The combination of browser-native encryption routines and steganographic innovation achieves enterprise-grade security without sacrificing accessibility, a balance rarely found in free cross-platform solutions.

How does AroCrypt ensure security if the website is blocked by browser verification checks? The application uses client-side execution where all cryptographic operations occur in your browser, meaning no sensitive data transits through Vercel's servers. Users can download the PWA version or self-host the open-source code to bypass third-party security checkpoints entirely.
Can steganographically hidden files be recovered if the original tool becomes unavailable? Yes, the encryption/steganography protocol follows documented standards, enabling reconstruction through any compatible AES-256 and LSB steganography implementation. Users retain full access through the open-source codebase, which remains functional independently of the web host's status.
Why does the security checkpoint appear when accessing the web version? The Vercel platform implements automated bot protection that may trigger false positives during high-traffic periods. This doesn't affect the application's security model, as critical operations remain client-executed. Persistent access issues can be resolved by using the desktop build available in the GitHub repository's releases section.

Subscribe to Our Newsletter