Encrypted file sharing protects confidential documents before they are stored or retrieved. It is suited to contracts, security reports, account exports, configuration files and other material that should not remain readable inside ordinary email attachments or open cloud links.
CyberRiskEvaluator Secure Secret Share supports sensitive files as well as passwords and text. The content is encrypted, the recipient uses a separately communicated passkey and decryption occurs in the browser.
Protect the file content, limit availability and send the passkey through a separate trusted channel.
Create a Secure SecretA password-protected ZIP or office document can be useful, but security depends on the encryption method, password strength and how the password is delivered. Sending the attachment and its password in the same email removes much of the benefit.
Attachments may also be downloaded to unmanaged devices, synchronized into personal folders or retained in mailbox archives. A dedicated encrypted-sharing workflow can add expiration, protected access tokens and clearer user instructions.
The file is encrypted with AES-256-GCM, using a key derived from the passkey with PBKDF2-HMAC-SHA-256 and a random salt. The recipient’s browser reconstructs the key and performs decryption locally after the correct passkey is supplied.
This design reduces the need for the application server to handle the readable file. The server can store encrypted bytes and the non-secret parameters required for decryption without storing the plaintext file or reusable AES key.
Once an authorized recipient decrypts and downloads a file, the sharing service cannot prevent copying, forwarding or local storage. Data classification, contractual controls, endpoint management and recipient authorization remain essential.
For documents that require ongoing collaboration or revocable access, use a managed document platform with identity-based permissions, audit logging and data-loss prevention. Use encrypted secret sharing for controlled transfer, not as a replacement for every document-management function.
The safest sensitive file is the one that contains only what the recipient needs. Remove unused worksheets, hidden columns, revision history, comments and embedded metadata. Consider redaction or pseudonymization before encryption.
For incident evidence or regulated records, preserve integrity and chain-of-custody requirements. Encryption protects confidentiality but does not by itself establish evidentiary handling or legal authorization.
It is the transfer of a file whose content is encrypted so unauthorized parties cannot read it without the correct decryption key or passkey.
Cloud services often encrypt storage and transport, but an open or broadly shared link may still grant access. Client-side content encryption adds another layer.
No. Send the passkey through a separate trusted channel so one compromised mailbox does not reveal both components.
No. After authorized decryption, recipient behavior and endpoint controls determine what happens to the file.
Use the shortest period that allows the recipient to complete the transfer, then invalidate or delete the encrypted record.
Protect passwords, files and confidential text with encrypted links, a separate passkey and browser-side decryption.
Start Secure SharingContent reviewed on 14 July 2026. Security requirements should be adapted to your organization’s risk, policy and regulatory obligations.