How Encryption Works
Encryption is what makes GolemDrive fundamentally different from other cloud storage. This page explains how it works in terms anyone can understand.
The short version
Your files are encrypted on your device before they’re uploaded. GolemDrive’s servers only ever see scrambled data. We don’t have the key. We can’t read your files. Nobody can, except you.
Think of it like a lockbox
Imagine you put a document into a lockbox, lock it with a key that only you have, and then hand the locked box to a storage company. They store the box for you, but they can’t open it. They don’t have a copy of the key. Even if someone broke into their warehouse, all they’d find are locked boxes.
That’s what GolemDrive does — except the “lockbox” is military-grade encryption and the “key” is generated on your computer or phone.
What happens when you upload
- You select a file to upload
- Your device creates a unique encryption key for that file
- Your device scrambles the file using that key — turning it into unreadable data
- The scrambled data is sent to GolemDrive’s servers
- The encryption key stays on your device — it’s never sent to us
What happens when you download
- GolemDrive sends the scrambled data back to your device
- Your device uses the key it stored to unscramble the file
- You see the original file, exactly as it was
The entire process happens automatically in the background. You don’t need to enter a password for each file or flip any switches. It just works.
What our servers actually see
If you uploaded a family photo, our servers don’t see a photo. They see something like this:
a7f3b2c91e4d... (thousands of random-looking characters)
That’s it. No file names you can read, no thumbnails, no previews on our end. Just encrypted data that’s meaningless without your key.
What “zero-knowledge” means
“Zero-knowledge” means we know nothing about your files. We can’t:
- See what’s in them
- Read their names (they’re encrypted too)
- Generate thumbnails on our servers
- Scan their contents
- Hand them over in readable form to anyone
This is by design, not by policy. It’s not that we promise not to look — it’s that we can’t look, even if we wanted to.
What if GolemDrive’s servers were hacked?
An attacker who gained access to our servers would find only encrypted data. Without the encryption keys — which exist only on your devices — that data is useless. It would take billions of years with current technology to crack even a single file.
How GolemDrive compares to other cloud storage
Most popular cloud storage services — Google Drive, Dropbox, OneDrive, iCloud — can read your files. They may encrypt data on their servers, but they hold the keys. That means:
- They can scan your files (and many do, for various reasons)
- They can comply with government requests to hand over your files in readable form
- If they’re hacked, the attacker can potentially read your files too
GolemDrive can’t do any of that. Your encryption keys never leave your device.
For the technically curious
Under the hood, GolemDrive uses:
- AES-256-GCM for file encryption — the same standard used by governments and militaries worldwide
- RSA-4096 for key management — each user has a public/private key pair for secure key exchange
- PBKDF2 with 600,000 iterations for key derivation — your password is strengthened before it’s used to protect your encryption keys
All encryption and decryption happens client-side (on your device). The server never processes unencrypted file data.
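To make the pieces above concrete, here is an added sketch (not GolemDrive's own code) of a client encrypting a file with a per-file AES-256-GCM key and protecting that key with a PBKDF2-derived key at 600,000 iterations. The function names, the nonce || tag || ciphertext layout, the SHA-256 choice for PBKDF2 and the sample password are assumptions, and the RSA-4096 key pair is left out to keep the example short.

```javascript
// Added example: names, blob layout and sample values are assumptions, not GolemDrive's code.
const crypto = require("crypto");

const PBKDF2_ITERATIONS = 600000; // iteration count stated on the page

// AES-256-GCM with a fresh 96-bit nonce; returns nonce || tag || ciphertext.
function seal(key, plaintext) {
  const nonce = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv("aes-256-gcm", key, nonce);
  const body = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return Buffer.concat([nonce, cipher.getAuthTag(), body]);
}

// Reverses seal(); final() throws if the key is wrong or the blob was modified.
function open(key, blob) {
  const decipher = crypto.createDecipheriv("aes-256-gcm", key, blob.subarray(0, 12));
  decipher.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([decipher.update(blob.subarray(28)), decipher.final()]);
}

// Stretch the password into a 256-bit key-wrapping key (SHA-256 is an assumption).
function deriveWrappingKey(password, salt) {
  return crypto.pbkdf2Sync(password, salt, PBKDF2_ITERATIONS, 32, "sha256");
}

// Upload side: unique file key, encrypted file, file key wrapped under the password-derived key.
function encryptForUpload(password, fileBytes) {
  const fileKey = crypto.randomBytes(32);
  const salt = crypto.randomBytes(16);
  const wrappedKey = seal(deriveWrappingKey(password, salt), fileKey);
  return { salt, wrappedKey, ciphertext: seal(fileKey, fileBytes) };
}

// Download side: unwrap the file key, then decrypt and authenticate the file.
function decryptAfterDownload(password, record) {
  const fileKey = open(deriveWrappingKey(password, record.salt), record.wrappedKey);
  return open(fileKey, record.ciphertext);
}

// Constructed sample input.
const sample = encryptForUpload("correct horse battery staple", Buffer.from("family photo bytes"));
console.log(sample.ciphertext.toString("hex")); // the only form of the file a server would hold
console.log(decryptAfterDownload("correct horse battery staple", sample).toString());
```

Because GCM is authenticated, a wrong password or a single flipped bit in the stored blob makes decryption fail outright rather than return corrupted data.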