DotBGE

Local-first file encryption for iOS, CLI, and agents

2026-06-04

Product Introduction

  1. Definition: DotBGE is a cross-platform file encryption application and ecosystem for end-to-end, on-device file protection. It is client-side encryption software built on the open .bge file format specification and uses a hybrid cryptographic scheme: RSA-4096 for key exchange and AES-256-GCM for payload encryption.
  2. Core Value Proposition: DotBGE exists to provide secure, private file encryption without accounts, cloud servers, or trust dependencies. It allows users to lock files directly to a recipient's identity (via public key) or a password, ensuring that only the intended party can decrypt and access the content, all while maintaining full data control and interoperability through an open standard.

Main Features

  1. Identity-Based Encryption: Users can generate a local cryptographic identity (RSA-4096 key pair). Encrypting a file for "a person" involves wrapping the file's symmetric key with the recipient's public key. How it works: Recipients share identities via QR code scan for direct, offline public key exchange. The encrypted .bge file header (wrapped_key block) contains the symmetric key encrypted only for the designated recipient, ensuring a one-to-one, no-server trust model.
  2. Biometric-Locked Vault: A secure on-device container for sensitive encrypted files. How it works: The vault is sealed using the device's Face ID or Touch ID biometrics. It automatically locks when the app is backgrounded, requiring re-authentication for access. The free version supports up to 3 files; Pro offers unlimited storage. All vault operations occur locally.
  3. Password-Based Encryption (PBKDF2): For cases where the recipient does not have DotBGE, files can be encrypted with a passphrase. How it works: The symmetric key is derived from the user's password using PBKDF2-SHA512 with 1,000,000 iterations, which makes each password guess expensive and gives high resistance to brute-force attacks. The resulting encrypted file is still a standard .bge file.
  4. Secure In-App Preview: Decrypts and renders files (images, PDFs, videos) for viewing without writing the decrypted data to the device's disk. How it works: Decrypted content exists only in the app's protected memory during the preview session, mitigating forensic recovery risks and ensuring "preview without a trace."
  5. Open .bge Format & CLI: The entire system is built on the documented, open .bge file format (v3). How it works: A command-line interface (CLI) is provided for macOS/Linux, enabling scriptable, terminal-based workflows, batch processing, and integration with AI coding agents like Claude Code and ChatGPT for automated file handling tasks.
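
The two key-handling modes described above (a file key wrapped with RSA-OAEP for one recipient, and a key derived from a password with PBKDF2-SHA512), sketched with Node's built-in crypto module. This is an added example, not DotBGE code and not the .bge file layout; the OAEP hash, nonce and salt sizes, the in-memory object, and all function names are assumptions.

```javascript
const crypto = require('node:crypto');

// Assumptions (not from the .bge spec): OAEP with SHA-256, 12-byte GCM nonce,
// 16-byte PBKDF2 salt, and a plain object standing in for the real file layout.
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };
const PBKDF2_ROUNDS = 1_000_000; // iteration count stated on the page

// Hypothetical helper: a local identity is an RSA key pair (RSA-4096 on the page).
const newIdentity = (bits = 4096) => crypto.generateKeyPairSync('rsa', { modulusLength: bits });

function seal(key, plaintext) {
  const nonce = crypto.randomBytes(12); // must never repeat under the same key
  const c = crypto.createCipheriv('aes-256-gcm', key, nonce);
  const ciphertext = Buffer.concat([c.update(plaintext), c.final()]);
  return { nonce, ciphertext, tag: c.getAuthTag() };
}

function open(key, box) {
  const d = crypto.createDecipheriv('aes-256-gcm', key, box.nonce);
  d.setAuthTag(box.tag);
  // final() throws if the tag does not verify (wrong key or modified data)
  return Buffer.concat([d.update(box.ciphertext), d.final()]);
}

// Identity mode: a fresh random file key is wrapped for exactly one recipient.
function encryptForRecipient(publicKey, plaintext) {
  const fileKey = crypto.randomBytes(32);
  const wrappedKey = crypto.publicEncrypt({ key: publicKey, ...OAEP }, fileKey);
  return { wrappedKey, ...seal(fileKey, plaintext) };
}

function decryptAsRecipient(privateKey, box) {
  const fileKey = crypto.privateDecrypt({ key: privateKey, ...OAEP }, box.wrappedKey);
  return open(fileKey, box);
}

// Password mode: the key is derived, so the random salt is stored with the file.
function encryptWithPassword(password, plaintext) {
  const salt = crypto.randomBytes(16);
  const key = crypto.pbkdf2Sync(password, salt, PBKDF2_ROUNDS, 32, 'sha512');
  return { salt, ...seal(key, plaintext) };
}

function decryptWithPassword(password, box) {
  const key = crypto.pbkdf2Sync(password, box.salt, PBKDF2_ROUNDS, 32, 'sha512');
  return open(key, box);
}
```

In both modes a wrong key or a modified ciphertext surfaces as an exception rather than as garbage plaintext, because AES-GCM authenticates the data before releasing it.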

Problems Solved

  1. Pain Point: Eliminates the privacy and dependency risks of cloud-based storage and email attachments. Traditional methods often involve uploading files to third-party servers or sending sensitive data through insecure channels like email, creating points of failure and surveillance.
  2. Target Audience: Privacy-conscious individuals, freelancers handling client data, journalists, developers needing secure scriptable encryption, and anyone requiring secure off-network file transfer. Specific personas include DevOps engineers (for secret management in scripts), legal professionals (for document sharing), and families (for secure photo vaults).
  3. Use Cases: Securely sharing financial reports (Q4_financials.pdf) with an accountant via identity encryption; creating a password-protected backup of a passport scan (Passport_scan.jpg) for travel; encrypting a large video interview (interview.mov) for secure handoff to a colleague; using the CLI to encrypt log files automatically in a deployment pipeline.

Unique Advantages

  1. Differentiation vs. Traditional Methods: Unlike cloud services (e.g., Dropbox) or standard ZIP encryption, DotBGE operates without any accounts, servers, or cloud middleman. It avoids the single point of failure of central servers and the weak encryption often found in archive tools. Unlike standard PGP/GPG, it offers a simpler, app-based identity and biometric vault management, though it is built on similar core cryptographic principles.
  2. Key Innovation: The combination of a fully open, self-describing file format (.bge) with seamless cross-platform support (iOS, iPadOS, macOS, Linux) and a no-account, on-device trust model. This creates a future-proof ecosystem where encrypted files remain accessible even if the software disappears, as the format is public and implementable by others. The integration of a Share Extension for system-wide encryption and AI agent skill for terminal automation further sets it apart.

Frequently Asked Questions (FAQ)

  1. How does DotBGE encryption work without an account or server? DotBGE uses public-key cryptography (RSA-4096). Your identity is a key pair generated and stored only on your device. To send a file to someone, you encrypt it with their public key. Only they, with their private key (on their device), can decrypt it. No central server is needed to manage or transfer keys, as identities are shared directly via QR code.

  2. Is my .bge file secure if I lose my phone or forget my password? Security is high, but recovery depends on the method. For identity encryption, the file is tied to the recipient's private key; if that key is lost, the file is irrecoverable. For password encryption, recovery depends on knowing the password. DotBGE cannot decrypt your files as it never holds keys or passwords. This is a security feature, not a flaw.

  3. What makes the .bge format different from other encrypted file formats? The .bge format is fully documented, open, and self-describing. It uses a standard structure (magic BGE3 header, encrypted metadata, sealed payload chunks) and modern, proven cryptographic primitives (RSA-4096-OAEP + AES-256-GCM). Its openness ensures long-term accessibility and third-party implementation, preventing vendor lock-in.

  4. Can I use DotBGE to encrypt files on my computer, or only on iPhone? DotBGE is a cross-platform solution. You can use the iPhone/iPad app for mobile encryption, decryption, and management. For computers, a command-line interface (CLI) tool is available now for macOS and Linux, enabling encryption in scripts and terminal workflows. A dedicated macOS desktop app is in development.
