
How I Built Zero-Knowledge File Sharing Using the Web Crypto API (No Server Ever Sees Your Data)
When I built FileShot, I had one hard requirement: the server must never be able to read a user's file — ever. Not encrypted at rest by a key the server holds. Not TLS. I mean genuinely zero-knowledge: the encryption key is generated in the browser, used in the browser, and never transmitted anywhere. Here's how I did it using the Web Crypto API.

Why Zero-Knowledge?

Most file sharing services say "your files are encrypted" — but they mean encrypted with their key. If their database leaks, or a subpoena hits, all your files are exposed. True zero-knowledge means even the developer can't read the files. The Web Crypto API is built into every modern browser and gives us access to hardware-backed cryptography. No npm packages, no external dependencies.

The Encryption Flow

Step 1: Generate the Key

    const key = await crypto.subtle.generateKey(
      { name: 'AES-GCM', length: 256 },
      true,                    // extractable: exportKey() is allowed on this key
      ['encrypt', 'decrypt']   // permitted key usages
    );

AES-GCM is authenticated encryption — it provides both confidentia
Continue reading on Dev.to JavaScript


