Introducing .priv: An Encrypted File Format Built for Privacy
Today we are launching .priv, an open encrypted file format designed from the ground up to protect your files, their names, and their metadata. You can create and open .priv files directly in your browser at PrivConvert, with zero server contact.
In this post, we will explain why we built it, how it works under the hood, and how you can start using it right now.
Why not just use a password-protected ZIP?
It is a fair question. ZIP files support AES encryption, and most people already know how to use them. But there are some fundamental problems with ZIP encryption that most users do not realize.
Filenames are not encrypted. When you password-protect a ZIP file, the content of each file is encrypted, but the names and directory structure remain visible. Anyone who opens the archive can see exactly what files are inside, their sizes, and how they are organized. If you are sending a folder called "legal-dispute-acme-corp" with files like "settlement-offer.pdf" and "witness-testimony.docx", the filenames alone tell a story.
Metadata stays intact. Photos inside a password-protected ZIP still contain GPS coordinates, camera model, and timestamps. Word documents still list the author name, organization, and edit history. The encryption protects the file content but ignores everything attached to it.
Older encryption is broken. The original ZIP encryption scheme, ZipCrypto, has been vulnerable to known-plaintext attacks since 2004. Many tools still default to it. Even the stronger AES-ZIP option leaks file metadata through the unencrypted local headers.
What .priv does differently
The .priv format treats privacy as the default, not an afterthought. Here is what happens when you create a .priv file:
- Metadata stripping. Before encryption, EXIF data from images, author info from documents, and other identifying metadata is removed. The files that go into the encrypted payload are already cleaned.
- Everything gets encrypted. Filenames, file sizes, directory structure, and the actual file content are all bundled into a single payload and encrypted together. An outsider cannot see anything - not even how many files are inside.
- Strong key derivation. Your password goes through PBKDF2 with 600,000 iterations and a random 32-byte salt. This turns your password into a 256-bit encryption key that resists brute-force attacks.
- Authenticated encryption. AES-256-GCM encrypts the payload and produces an authentication tag. If anyone tampers with even a single bit of the file, decryption fails. You know the file has not been modified.
- Optional expiry. You can set an expiration date. After that date, the file refuses to decrypt. This is useful for time-sensitive documents like contracts or temporary access credentials.
Zero knowledge by design
When you use our Create .priv or Open .priv tools, everything happens in your browser using the native Web Crypto API. Your files are never uploaded to our servers. Your password never leaves your device. We have no ability to decrypt your files, even if we wanted to.
This is not a promise backed by a privacy policy. It is a technical reality. The encryption and decryption code runs entirely in JavaScript on your machine. Our server only delivers the static HTML page. After that, your browser does all the work.
The format is open
We believe encrypted formats should be transparent. If you are trusting a tool with your sensitive files, you should be able to verify exactly what it does. The .priv specification is fully documented and open.
Here is the binary structure of a v1 .priv file:
- Bytes 0-3: Magic bytes "PRIV" (identifies the file format)
- Byte 4: Version number (currently 1)
- Byte 5: Flags (expiry enabled, metadata stripped)
- Bytes 6-9: Expiry timestamp (Unix time, or zero if none)
- Bytes 10-41: 32-byte random salt for PBKDF2
- Bytes 42-53: 12-byte random IV for AES-GCM
- Byte 54+: AES-256-GCM ciphertext with 16-byte authentication tag
The encrypted payload contains a file count, followed by each file's name (UTF-8) and raw data. Everything is big-endian. The full specification is available at topriv.com/priv-format.
How to use it
Creating a .priv file
- Go to Create .priv File
- Drag and drop your files (or click to browse)
- Enter a strong password and confirm it
- Optionally enable an expiry date
- Click "Encrypt & Create .priv"
- Download your encrypted .priv file
The entire process takes seconds, even for larger files. There is no upload step because everything runs locally.
Opening a .priv file
- Go to Open .priv File
- Drop your .priv file or click to select it
- Enter the password
- Click "Decrypt" and download your original files
If the password is wrong, you will see an error. If the file has been tampered with, decryption fails. If the file has expired, it tells you the expiration date and refuses to decrypt.
When to use .priv
The .priv format makes sense whenever you need to share files securely and the recipient is willing to use a web-based tool to open them. Some practical examples:
- Sending sensitive documents over email. Email is not encrypted by default. Attaching a .priv file ensures that even if someone intercepts the email, they cannot access the contents without the password.
- Sharing files through cloud storage. Dropbox, Google Drive, and OneDrive store your files on their servers. A .priv file is opaque to the cloud provider - they host an encrypted blob they cannot read.
- Temporary file sharing. With the expiry feature, you can share files that stop working after a deadline. Useful for job offers, proposals, or preview copies.
- Archiving personal files. Encrypt old tax returns, medical records, or personal documents before storing them on an external drive or backup service.
Use .priv from the terminal
We released a command-line tool that lets you encrypt and decrypt .priv files on Linux and macOS without a browser. It is fully compatible with the web tools - files created in the terminal can be opened in the browser and vice versa.
Install it with one command:
curl -sL https://raw.githubusercontent.com/toprivHQ/priv-format/main/priv \
-o /usr/local/bin/priv && chmod +x /usr/local/bin/priv
pip install cryptography Then use it:
# Encrypt files or entire directories
priv encrypt secret.pdf photos/ -o bundle.priv
# Decrypt
priv decrypt bundle.priv -o ./output/
# View file info without decrypting
priv info bundle.priv The tool requires Python 3.8+ and the cryptography package. It supports expiry dates, recursive directory encryption, and shows the topriv branding when run interactively.
What comes next
This is version 1 of the .priv format. We are actively building and plan to add:
- A desktop application with drag-and-drop support and right-click integration
- Libraries in Go and Rust for developers who want to integrate .priv into their own tools
- Support for larger files with streaming encryption
The specification will remain open, and we welcome feedback from the security community.
Open source
The .priv format is fully open source. The specification, a reference implementation in JavaScript, and a standalone offline tool are all available on GitHub under the MIT license.
Try it now
You can create your first .priv file right now. No account needed, no installation, no tracking.
Create .priv File → Open .priv File →
If you want to learn more about the technical specification, visit the full .priv format documentation on topriv.com.