Function definition

The CryptPeer® Encrypted File Transfer function enables sending and receiving files of any size, encrypted end-to-end, without a trusted third-party server, with an explicit choice of reception mode by the recipient:

  • Encrypted download — for secure storage or re-sharing
  • Decrypted download — for immediate local use

This dual option — sovereign control of the cryptographic state upon receipt — exists in no current SaaS competitor (including BlueFiles, Tresorit, Proton Drive or GoAnywhere).

Product objectives

  • Enable senders to transfer large files (up to several GB)
  • Ensure end-to-end encryption (E2EE) until the recipient's terminal
  • Offer the recipient a sovereign option: maintain confidentiality (stay encrypted) or decrypt locally (final use)
  • Eliminate any risk of server compromise or centralized key

Technical mechanism

Reference: Cryptographic specifications — Section 26 (K_file_v2)

Element Description
Encryption typeAES-256-GCM (authenticated encryption)
Key derivationPBKDF2-HMAC-SHA256 (K_file_base) + HKDF_SHA256 (K_file_v2) from userId and K_seg
TransportHTTPS + WebSocket / WebRTC depending on configuration
Session keyLocal, volatile, not exchanged (deterministic derivation on peer sides)
Temporary storageEncrypted file in database or on disk — never in plaintext
Recipient choiceLocal decryption on demand, without server contact
Re-sharingPossible only if file kept encrypted

Strategic differentiator

CryptPeer®: the first sovereign system to offer "cryptographic choice upon receipt". To our knowledge, no competitor (BlueFiles, Tresorit, Proton, Kiteworks) currently allows a non-administrator end recipient to choose between encrypted or decrypted download in an E2EE communication context without a trusted third party.

Competitive comparison — File transfer

Solution Type Encrypted/decrypted choice Sovereignty Indicative price (€/user/year)
BlueFilesProfessional SaaS (ANSSI)Service-side keys~12,500 €/user/yr (8-user pack ~100,000 €/yr)
Tresorit / Tresorit SendPrivate SaaSZero knowledge~240 €/user/yr
Proton DriveOpen-source SaaSZero knowledge~120 €/user/yr
Internxt SendPrivacy-first SaaSZero knowledgeFree
Kiteworks / GoAnywhereEnterprise MFTServer keys30,000 €+ /yr (license, quote-based)
CryptPeer® StandardSovereign systemExclusive licensee control180 €/user/yr (Core) — 450 €/yr (Total)

Sources: bluefiles.com — tresorit.com — proton.me — internxt.com — goanywhere.com — kiteworks.com. Indicative prices, quote-based depending on configuration.

Doctrinal positioning

CryptPeer® — The only sovereign communication and file transfer system enabling the end user to decide whether to maintain or lift encryption.

  • No third-party cryptographic authority — no trusted server, no shared key
  • Complete licensee sovereignty — transfer integrated with CryptPeer messaging
  • Dual-Use defensive compliance — civil, institutional or defence
  • Structural cost efficiency — no recurring hosting or per-user license costs

Key arguments

  • End-to-end encryption without third party
  • Sovereign choice of reception mode
  • Self-hosted, auditable system
  • GDPR and Dual-Use defensive compliant
  • Economically rational vs managed SaaS

See also the full CryptPeer® vs competitors comparison and cryptographic specifications.

Full comparison → Why CryptPeer® →