Drop in any photo your browser can open. Veilpix decodes it to raw
pixels on a <canvas> — no upload, the bytes stay
in this tab.
Your message or file is encrypted with AES-GCM-256. The key is derived from your passphrase with PBKDF2 (210,000 rounds of SHA-256) using the Web Crypto API. The original filename is sealed inside the ciphertext.
A worker rewrites the least-significant bit of each red, green and blue channel to carry the ciphertext. The change is ±1 per channel — invisible to the eye, but it's all there.
The result is re-encoded as PNG — lossless, so the hidden bits survive. Share it like any other image. Don't convert it to JPEG; recompression would scrub the payload.
The recipient drops the PNG into Veilpix's Reveal tab and enters the same passphrase. The worker reads the LSBs, verifies the container, and decrypts — recovering the original message or file.
Veilpix hides an encrypted message or file inside the pixels of an ordinary image — a technique called steganography. Unlike a visibly-encrypted blob, the output just looks like a picture.
Everything happens locally in your browser using the Web Crypto and Canvas APIs. The cover image, your secret and your passphrase never leave your device. There is no server and no account. The only analytics is Cloudflare Web Analytics — anonymous, cookie-less page-view counts; no personal data, no cross-site tracking.
Built by benrichardson.dev. Source on GitHub. Released under the MIT license.