OnionDrive encrypts your files with your own PGP public key before storing them. We hold ciphertext only. Without your private key, your files are unreadable โ to anyone, including us.
PGP (Pretty Good Privacy) is a proven encryption standard used for decades to protect sensitive data. In the context of cloud storage, client-side PGP encryption means your files are encrypted using your public key before they are uploaded โ the server receives ciphertext, not plaintext.
Most cloud storage services use server-side encryption: your files are transmitted in plaintext and encrypted by the provider using keys the provider controls. This means the provider can decrypt your files at any time โ and must comply with legal orders to do so.
With OnionDrive's client-side PGP model, the provider never has your private key and never sees your plaintext files. Even if our servers were compromised or we received a legal order, the data stored is mathematically unreadable without your private key.
You need a PGP key pair. If you don't have one yet, here is how to generate one and start encrypting your files on OnionDrive.
Step 1 โ Generate a key pair. Use GPG (available on all platforms), Kleopatra (Windows/macOS GUI), or GPG Suite (macOS). Generate a key pair: one public key and one private key.
Step 2 โ Add your public key to OnionDrive. In your OnionDrive account settings, paste your PGP public key. Only the public key is shared โ your private key stays on your device.
Step 3 โ Encrypt files on the platform. Select any file in your OnionDrive storage and click "Encrypt (PGP)". The file is encrypted with your public key. The original is replaced by the encrypted version.
Step 4 โ Decrypt locally. Download the encrypted file and use your private key with GPG or any PGP-compatible tool to decrypt it on your device.
The distinction matters. One model protects you from everyone, including the provider. The other just adds a layer that the provider controls.
Encryption alone is not enough. OnionDrive combines PGP with Tor access, zero logs, and anonymous sharing.
Connect via our native .onion hidden service to encrypt and upload files without exposing your IP address. PGP + Tor = the strongest possible privacy model.
network anonymityWe do not log which files you encrypt, upload, or download. The metadata about your encrypted files stays as private as the files themselves.
no metadata logsShare your PGP-encrypted files via password-protected or time-limited links. Recipients with the correct private key can decrypt the file after downloading.
secure sharingCombine PGP file encryption with TOTP two-factor authentication. Two independent layers of protection for your account and your files.
layered securityNo. You need to generate a PGP key pair once (using GPG or a GUI tool like Kleopatra), paste your public key into your account settings, and click "Encrypt" on the files you want to protect. OnionDrive handles the encryption process. Decryption is done locally with your private key using standard tools.
Encrypted files cannot be recovered without your private key. This is intentional โ it guarantees that nobody else can decrypt them either. Always keep a secure backup of your private key and revocation certificate.
Yes. You can encrypt files locally with GPG before uploading: gpg --encrypt --recipient [email protected] file.pdf. Upload the resulting .gpg file to OnionDrive. This gives you complete control over the encryption process.
PGP client-side encryption achieves the same result as end-to-end encryption: only the keyholder can read the data. The encrypted file travels from your device to our servers and back entirely as ciphertext. The distinction is technical โ PGP is asymmetric key encryption; E2E often refers to symmetric session encryption. Both protect your data from the provider.
Yes. You can encrypt a file with another person's PGP public key before uploading, then share the download link with them. They can decrypt it using their private key. Alternatively, encrypt with your own key and share the decrypted file through a different channel.
Never. Only your public key is stored on OnionDrive โ and public keys are designed to be shared. Your private key never leaves your device. This is the fundamental security guarantee of asymmetric cryptography.
Free account. Client-side PGP encryption. Native Tor access. Zero logs.