
How URL Fragments Solve the Key Distribution Problem in Zero-Knowledge File Sharing
One of the core challenges in building a zero-knowledge file sharing service is key distribution: how do you give the recipient the decryption key without the server ever seeing it? The answer has been embedded in the HTTP spec since 1994. It's called the URL fragment.

The Problem

In most "encrypted" file sharing services, the workflow looks like this:

1. User uploads file
2. Service encrypts it server-side (using their own keys)
3. Service sends recipient a download link
4. Service decrypts the file when the recipient requests it

This is encryption at rest. The service can read every file whenever they want. The encryption protects against disk theft, not against the service itself or its government.

True zero-knowledge means the server is architecturally prevented from decrypting files — not by policy, but by the fact that it never has the key.

The URL Fragment Solution

The HTTP/1.1 RFC 2396 specifies: "A fragment identifier is separated from the rest of a URI by a hash (#) character and contain
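
The fragment-based key handoff described above, as an added example that is not code from the original article: the sender encrypts locally and places the key after `#`, and `requestTarget` shows the part of the link that reaches the server. AES-GCM via Web Crypto, the host `share.example` and the `/f/<id>` path are assumptions.

```javascript
// Added example: AES-GCM, share.example and the /f/<id> path are assumptions, not from the article.
// Web Crypto is a global in browsers and recent Node; older Node exposes it via node:crypto.
async function getCrypto() {
  return globalThis.crypto ?? (await import('node:crypto')).webcrypto;
}

const toB64url = (bytes) =>
  btoa(String.fromCharCode(...bytes)).replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
const fromB64url = (s) =>
  Uint8Array.from(atob(s.replace(/-/g, '+').replace(/_/g, '/')), (c) => c.charCodeAt(0));

// Sender: encrypt locally, then carry the raw key in the link's fragment.
async function encryptForSharing(plaintext, fileId) {
  const c = await getCrypto();
  const key = await c.subtle.generateKey({ name: 'AES-GCM', length: 256 }, true, ['encrypt']);
  const iv = c.getRandomValues(new Uint8Array(12));
  const ct = new Uint8Array(await c.subtle.encrypt({ name: 'AES-GCM', iv }, key, plaintext));
  const rawKey = new Uint8Array(await c.subtle.exportKey('raw', key));
  // `upload` is everything the server stores: IV and ciphertext, never the key.
  return { link: `https://share.example/f/${fileId}#${toB64url(rawKey)}`, upload: { iv, ct } };
}

// The part of a link that goes into the HTTP request: path and query, no fragment.
function requestTarget(link) {
  const u = new URL(link);
  return u.pathname + u.search;
}

// Recipient: read the key from the fragment and decrypt client-side.
async function decryptFromLink(link, upload) {
  const c = await getCrypto();
  const rawKey = fromB64url(new URL(link).hash.slice(1));
  if (rawKey.length !== 32) throw new Error('no 256-bit key in the link fragment');
  const key = await c.subtle.importKey('raw', rawKey, 'AES-GCM', false, ['decrypt']);
  return new Uint8Array(await c.subtle.decrypt({ name: 'AES-GCM', iv: upload.iv }, key, upload.ct));
}

// Round trip on constructed sample data.
async function demo() {
  const msg = new TextEncoder().encode('constructed sample file contents');
  const { link, upload } = await encryptForSharing(msg, 'abc123');
  const recovered = new TextDecoder().decode(await decryptFromLink(link, upload));
  // A link that lost its "#..." part cannot decrypt, and neither can the server.
  const strippedFails = await decryptFromLink(link.split('#')[0], upload).then(() => false, () => true);
  return { sentToServer: requestTarget(link), recovered, strippedFails };
}
demo().then(console.log);
```

The fragment stays out of the request line, but any script running on the page can read `location.hash`, so the property that the server never sees the key also depends on the JavaScript the service delivers.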



