encrypt.day

Allow anyone to decrypt on

Disclaimer

As far as the law allows, this service comes as is, without any warranty or condition, and the provider will not be liable to you for any damages arising out of the use or nature of the service, under any kind of legal claim.

This is a hobby project. I don’t recommend using it in situations where reliability is critical. It’s your responsibility to have a backup plan if the service goes down.

What’s this for?

For any time you want to lock up a piece of text and not let anyone (even yourself) access it for a while! Stage a big reveal. Make a digital time capsule.

How do I use it?

Type or paste some text in the box, choose a time, and click Encrypt. An encrypted message will appear. Save the entire message in a safe place (including the lines that start with “#” and “-”). When it’s time to decrypt it, come back to this page and paste it into the box.

How does the encryption work?

The server has a public and private key for every timestamp within the next year, with 15-minute granularity. There’s a key pair for January 1, 12:00 AM, another key pair for January 1, 12:15 AM, another for January 1, 12:30 AM, and so on.

This website looks up the public key for the time you selected, and uses it to encrypt your data. Once the time arrives, the server publishes the corresponding private key, allowing you to decrypt the data.

Network requests are only used for looking up the keys, and the same keys are used for everyone. This means your data is encrypted and decrypted without ever leaving your device, which helps preserve your privacy. It also means the keys can be hosted on a global CDN, which reduces latency and hosting costs.

What are the limitations?

Since the keys are the same for everyone, anyone who has your encrypted data can decrypt it after the private key is published. Don’t share the encrypted text anywhere you wouldn’t share the decrypted text. Once someone has the text, you can’t stop them from decrypting it in the future.

Also, the system is not designed to prevent governments, lawyers, or rogue employees of the hosting company from accessing the unpublished keys.

Advanced usage

You can integrate this service with your own code. The API returns keys in the form of age recipient and identity files. You can use these keys with the age command line tool, as well as any of the compatible libraries, which are available for various programming languages.

To try it out, first install the age tool. Then, to encrypt a file named mydata.txt until March 26, 2025 at 6pm (in the time zone UTC-7, a.k.a. Pacific Daylight Time):

age -R <(curl -sS https://encrypt.day/pub/2025-03-26T18:00:00-07:00) < mydata.txt > mydata.txt.age

To decrypt your file on or after that time:

age -d -i <(curl -sS https://encrypt.day/priv/2025-03-26T18:00:00-07:00) < mydata.txt.age > mydata.txt

The above commands use a binary format for encrypted files. If you want an encrypted text file in the same format this website produces, add the --armor flag. For example:

age -R <(curl -sS https://encrypt.day/pub/2025-03-26T18:00:00-07:00) --armor < mydata.txt > mydata.encrypted.txt

When you use commands like these, you are responsible for saving the timestamp. When it’s time to decrypt, you’ll need the timestamp to look up the correct key.

The above commands are written for the bash and zsh shells. If you’re using fish, then instead of <(curl ...) you should use (curl ... | psub).

Privacy

When you use this website, your IP address, browser name, and selected timestamp are transmitted to the server and temporarily logged for debugging purposes. Your encrypted and decrypted data are not transmitted.

This service does not use cookies or other methods of tracking individual people’s activity. I don’t sell or share information about you with anyone.

However, the service uses the infrastructure providers DigitalOcean and CloudFlare, who might log your IP address and encryption key timestamps because your device communicates with the service through their networks. They might also use cookies for security purposes. You can read their privacy policies to learn how they use your information.

Trivia

Why is this website encrypt.day instead of encrypt.date? Some content filters will block any website that ends with .date, so I thought it’d be more reliable to use .day. You can still go to encrypt.date and it’ll redirect here.

Is this website related to the age open source project? This website uses code from the age project, but they are otherwise separate and maintained by different people. The latter happens to be named “age,” but the name doesn’t refer to the “age” of the encrypted text. In fact, the author of the tool pronounces it “ah-ghe,” not like the English word “age.”