Encrypt anything.
One ciphertext. Two control files. Two completely different truths. Runs entirely in your browser.
The thing you actually need to keep private. A seed phrase, a message, a password, a confession, a file. Whatever it is, it stays between you and the maths.
The plausible alternative. When someone compels you to decrypt, this is what they get. Make it boring. Make it believable. The best decoys are the ones nobody questions.
Two passwords, one key. scrypt derives the encryption key from both. You need both to decrypt. Neither is stored anywhere, ever.
Both passwords are needed together. Neither is stored anywhere.
🔒 Everything runs in your browser. Nothing is sent to any server.
✓ Encrypted successfully
One ciphertext. Two control files. Two different truths.
How to use these files: Store the ciphertext anywhere safe. Keep the real control file somewhere only you can access. Put the decoy control file somewhere plausible, like a notes app or a drawer. Under duress, hand over the decoy. They decrypt and get the decoy message. Your real data stays hidden.
Keep this safe. With this + your passwords, you get the real message back.
Give this to anyone demanding access. Same ciphertext, different truth.
Zero knowledge. Zero trust required.
This page runs entirely in your browser. Your message, your decoy, your passwords never leave your device. There is no server call. Don't take our word for it:
The encryption uses AES-256-CTR with keys derived via scrypt. Standard, well-studied primitives. No novel cryptography. The deniability comes from XOR composition with control data, not from anything clever or untested.
deny.sh is open source (AGPL-3.0). You can read every line. You can run the 22-test verification suite yourself. Don't trust us. Verify.
Need to store your control files securely? Use the encrypted vault. Want to hide your backup inside a photo? Steganography. Split it between trusted people? Shamir's Secret Sharing. Set up a dead man's switch? That too.
For the full technical specification, read the whitepaper.
Best practices.
Deniable encryption is one layer. To get the most out of it:
Make your decoys believable. An empty string or "test123" won't fool anyone. Use something that matches the kind of data you'd plausibly have. Old passwords, dummy seed phrases with small balances, mundane notes.
Use strong, unique passwords. Deniability protects you from compelled disclosure, not from weak passwords. Use 12+ characters, mix types, don't reuse them.
Store control files separately from the ciphertext. If someone finds both in the same folder, the deniability is intact but the operational security isn't. Use the vault, a hardware wallet, or a separate device.
Split sensitive control files. Use Shamir's Secret Sharing to split a control file across 3 of 5 trusted people. No single person (including you under duress) can reconstruct it alone.
Consider steganography. If the existence of an encrypted file is itself suspicious, hide it inside a photo. The image looks identical to the original.
Set up a dead man's switch. If you can't access your data, someone you trust should be able to. Configure automatic release if you stop checking in.
Don't rely on a single tool. Combine deny.sh with hardware wallets, multisig, air-gapped machines, and good physical security. The best defence is layered.