How deny.sh compares.
Every tool below is good at encryption. Only one can lie about what's encrypted.
| deny.sh | VeraCrypt | PGP/GPG | BitLocker | |
|---|---|---|---|---|
| Encrypts files | ✓ | ✓ | ✓ | ✓ |
| Strong encryption (AES-256) | ✓ | ✓ | ✓ | ✓ |
| Plausible deniability | ✓ | Partial | ✗ | ✗ |
| Undetectable deniability | ✓ | ✗ | ✗ | ✗ |
| Multiple decoys from one file | ✓ | ✗ | ✗ | ✗ |
| No hidden partition needed | ✓ | ✗ | ✓ | ✓ |
| Works on single files | ✓ | Volumes | ✓ | Drives |
| API/SDK available | ✓ | ✗ | CLI | ✗ |
| Browser demo | ✓ | ✗ | ✗ | ✗ |
| Open source | AGPL | Apache | GPL | Proprietary |
The VeraCrypt problem.
VeraCrypt's hidden volumes are clever but detectable. A hidden volume lives inside unused space in an outer volume. Forensic tools can measure the ratio of used vs total space and flag anomalies. An empty 50GB volume with only 2GB of files raises obvious questions.
deny.sh has no volumes, no partitions, no unused space to analyse. A single file decrypts to different content depending on which control file you use. The file size stays constant. There is no structural tell.
Why PGP can't deny.
PGP encrypts a file. It does this well. But the result is unmistakably a PGP-encrypted file. There's a header, a format, a structure. Under coercion, the existence of the encrypted file is the problem. PGP protects content but advertises that content exists.
deny.sh output is raw bytes. No header, no format signature. And even if you're forced to decrypt it, the decoy control file produces a completely different, valid plaintext.
Why multiple decoys matter.
VeraCrypt gives you one hidden volume per outer volume. deny.sh lets you create unlimited deniable control files from a single encrypted file. One for your partner. One for your lawyer. One for the border agent. Each decrypts to different content. Each is mathematically indistinguishable from the real one.
See it work.
The comparison is nice but the proof is better. Try the demo or protect your seed phrase right now.