An open encrypted container format designed for privacy. AES-256-GCM encryption, automatic metadata stripping, and hidden filenames.

Create .priv file | Open .priv file | Full specification

Existing archive formats like ZIP and 7z were designed for compression, not privacy.

# Install
git clone https://github.com/toprivHQ/priv-format.git
cd priv-format
pip install cryptography
sudo cp priv /usr/local/bin/

# Encrypt files
priv encrypt secret.pdf photos/ -o bundle.priv

# Decrypt
priv decrypt bundle.priv -o ./decrypted/

# View file info without decrypting
priv info bundle.priv

One-liner install:

curl -sL https://raw.githubusercontent.com/toprivHQ/priv-format/main/priv -o /usr/local/bin/priv && chmod +x /usr/local/bin/priv && pip install cryptography

No installation needed. Go to privconvert.com/tools/priv-encrypt and drop your files.

import { encrypt, decrypt } from './priv.js';

// Encrypt files
const privFile = await encrypt(files, password, { stripMetadata: true });

// Decrypt a .priv file
const originalFiles = await decrypt(privFileBuffer, password);

Clone this repo and open index.html in your browser. No server needed.

git clone https://github.com/toprivHQ/priv-format.git
cd priv-format
open index.html

Once decrypted, the payload contains:

• uint32 - File count (big-endian)
• For each file:
  • uint16 - Filename length (big-endian)
  • N bytes - Filename (UTF-8)
  • uint32 - File data size (big-endian)
  • N bytes - Raw file data

• Key derivation: PBKDF2 with SHA-256, 600,000 iterations, 32-byte random salt
• Encryption: AES-256-GCM with 12-byte random IV
• Authentication: GCM provides authenticated encryption (16-byte auth tag appended to ciphertext)

• Zero knowledge: When using the web tool, encryption and decryption happen entirely in the browser. No files or passwords are sent to any server.
• Hidden output filename: The encrypted .priv file is saved with a random name (e.g., encrypted-a4f7b2c1.priv). The original filename is stored only inside the encrypted payload and is invisible without the correct password.
• Metadata stripping: When enabled, image files (JPEG, PNG, WebP, BMP, GIF) are re-encoded through a clean canvas before encryption, removing all EXIF data (GPS coordinates, camera info, timestamps, author).
• Authenticated encryption: AES-256-GCM ensures both confidentiality and integrity. Tampering with any byte causes decryption to fail.
• Unique per file: Random salt and IV mean encrypting the same file twice produces completely different output.
• Brute-force resistant: 600,000 PBKDF2 iterations make password guessing computationally expensive.

+--------+---+-------+--------+------+----+--------------------+
| PRIV   | V | Flags | Expiry | Salt | IV | Encrypted Payload  |
| 4B     |1B | 1B    | 4B     | 32B  |12B | Variable           |
+--------+---+-------+--------+------+----+--------------------+

Files encrypted with the CLI are fully compatible with the browser tools and vice versa.

• Browser: Any modern browser (Chrome, Firefox, Safari, Edge)
• CLI: Python 3.8+ with the cryptography package

MIT License. See LICENSE for details.

The .priv format specification is open and free to implement.

• Create .priv file - Browser-based encryption
• Open .priv file - Browser-based decryption
• Format documentation - Full specification
• Blog post - Why we built .priv

Built by topriv - Privacy-first digital tools.