Frequently Asked Questions

Everything you need to know about HybridCipher

💡 Tip: Use Ctrl+F (Cmd+F on Mac) to search this page for specific keywords

Getting Started

What platforms does HybridCipher support?

HybridCipher runs on macOS, Windows, and Linux, and has command-line tools for servers. Mobile apps for iOS and Android are planned.

How can I access team features during the pilot?

We're currently running a team pilot program with early access. Apply through our teams page to get started.

Security & Privacy

How is HybridCipher different from Google Drive or Dropbox?

HybridCipher is not a cloud storage service. Google Drive and Dropbox store and sync your files; HybridCipher adds a client-side encryption layer on top of any folder you choose (including a Drive or Dropbox-synced folder). Files are encrypted on your device before they reach the storage provider, so the provider only ever sees encrypted data.

What is quantum-resistant encryption?

Current encryption (RSA, ECC) will be broken by future quantum computers. HybridCipher uses ML-KEM-768 (NIST-approved post-quantum algorithm) combined with X25519 for hybrid protection against both current and quantum attacks. Your files stay safe for next decades.

Can HybridCipher decrypt my files?

No. File encryption keys are randomly generated on your device and wrapped with team epoch keys. We use OPAQUE protocol for password authentication, which means your password never reaches our servers. We have zero knowledge of your data.

What happens if I forget my password or lose my recovery code?

Unfortunately, we cannot recover your password or decrypt your files. This is by design—if we could recover passwords, we could also access your data. Make sure to store your recovery code securely (use a password manager or write it down in a safe place).

Has HybridCipher been audited?

Not yet. We are building on standardized, well-studied primitives and are designing the system to be independently reviewable. We plan to publish more implementation details and pursue third-party review as the product matures.

Is the source code available?

Not yet, but it's on our roadmap. We're committed to open sourcing our core cryptographic library once the product reaches stability. When released, it will be fully auditable on GitHub.

File Management

Is there a file size limit?

HybridCipher does not impose a fixed file size limit. Practical limits depend on your device (available disk space, CPU, memory, and storage speed) and on your sync or storage provider’s per-file limits. Very large files may take longer to encrypt, upload, and rekey, but they are supported.

What file types can I encrypt?

All file types—documents, photos, videos, databases, code, anything. HybridCipher operates at the file level and doesn't care about file format.

Can I encrypt entire folders?

Yes. Choose the folder you want to protect and enroll it in HybridCipher. From that point on, files inside are encrypted automatically and the folder hierarchy remains the same.

Does HybridCipher compress files?

HybridCipher doesn't compress by default because compression before encryption weakens security (see CRIME attack). If you need compression, compress files before encrypting them.

Can I access my encrypted files on mobile?

HybridCipher is currently available on desktop (macOS, Windows, Linux) and via the command line interface. Mobile apps for iOS and Android are planned, but not available yet.

Cloud Sync & Storage

Which cloud providers does HybridCipher support?

HybridCipher works with any cloud storage provider that syncs a local folder on your device. You enroll a local folder (for example, one inside your Google Drive, Dropbox, OneDrive, Nextcloud, or Syncthing sync path), and HybridCipher ensures only encrypted data is stored and synced in the cloud.

Do I need to pay for cloud storage separately?

Yes. HybridCipher uses your existing cloud storage. The encryption happens locally, then encrypted files are stored in your cloud account. This means no vendor lock-in—switch providers anytime.

What if my cloud provider has a data breach?

If your cloud provider is breached, attackers may obtain only the encrypted files stored in your sync folder. HybridCipher encrypts data on your device before it is uploaded, and the keys required to decrypt it stay on authorized devices. Without those keys, the stolen data remains unreadable.

How does offline mode work?

You can keep working with files that are already on your device while offline. Any changes are recorded locally and will sync to your cloud folder automatically once you reconnect and your sync tool resumes.

Team Features

How does the team pilot work?

The team pilot provides early access for organizations helping shape the product. Apply through our teams page to get started.

When I remove a team member, can they still access old files?

Removing a member advances the team to a new encryption epoch, so they will not receive any new keys. To revoke access to previously encrypted files, a rekey operation is required (re-wrapping or re-encrypting existing files under the new epoch). This rekey can be triggered automatically (or run manually) depending on your team settings.

How long does rekeying take?

Rekeying is typically seconds to minutes, depending on file count and your hardware. As a rough example, rekeying around 10,000 files may take about 15 seconds on a modern machine, but slower disks or busy systems can take longer. Rekeying runs in the background so the team can keep working and files remain accessible during the process.

Can I have different access levels for team members?

Currently HybridCipher has Admin and Member roles. Admins can add/remove members, adjust settings, and access audit logs. Members can encrypt/decrypt team files. Fine-grained permissions are coming in a future update.

How do audit logs work?

HybridCipher uses multi-layered auditing: activity logs for all operations (login, encryption, membership changes), Merkle tree commitments for coverage and membership snapshots, hash-chained audit entries in PostgreSQL, and transparency log publication with inclusion proofs.

Technical & Advanced

What encryption algorithms does HybridCipher use?

File encryption: ChaCha20-Poly1305 (IETF RFC 8439). Key encapsulation: ML-KEM-768 (NIST FIPS 203) + X25519 (IETF RFC 7748) hybrid post-quantum. Key derivation: HKDF-SHA256 (IETF RFC 5869). Authentication: OPAQUE (IETF RFC 9497). Digital signatures: Ed25519 (IETF RFC 8032). All algorithms are from NIST or IETF standards.

How does the epoch key system work?

Each team has an epoch (a key version) that changes when membership changes. New files are protected under the current epoch so only current members can decrypt them. When someone is removed, the team advances to a new epoch and the removed member stops receiving future epoch keys. To revoke access to previously shared files, HybridCipher performs a rekey operation (for example, re-wrapping or re-encrypting existing file keys under the new epoch), which can run automatically based on your settings.

Can I self-host HybridCipher?

Yes! Enterprise customers can deploy HybridCipher on-premises. The server is just for coordination and storing encrypted blobs—it never has access to plaintext. Docker and Kubernetes deployments are supported.

What happens if the HybridCipher server goes down?

Files can be encrypted/decrypted offline once you have the epoch keys cached locally. The server coordinates epoch key distribution through Welcome messages. If the server is down, existing members with cached keys can work normally, but new devices/members cannot join or receive keys until the server returns. All encryption/decryption is client-side.

Compliance & Legal

Can HybridCipher be used for healthcare data?

HybridCipher can be part of a HIPAA-aligned deployment because it is designed to protect electronic protected health information with strong client-side encryption, access controls, and auditability features (where enabled). However, HIPAA compliance depends on the full system and your operations—risk assessment, policies, training, incident response, and (when applicable) signed Business Associate Agreements with vendors that create, receive, maintain, or transmit protected health information. We recommend validating your specific deployment with your compliance officer.

How does HybridCipher handle privacy?

HybridCipher is built to minimize what the service can learn. File contents are encrypted on your devices before they reach your storage provider, so HybridCipher cannot read your files. For account and team coordination, we only process the metadata needed to operate the service (for example, account identifiers, device membership, and team membership events). You can export your data, and you can request deletion of account-related data, subject to required operational and legal retention.

Where is data stored?

Your encrypted files are stored wherever you choose—typically inside the local folder synced by your existing cloud provider. HybridCipher service data used for account login and team coordination (for example, account identifiers, device registrations, and team membership events) is stored in managed data centers in the US and EU. Enterprise deployments can select a specific region for this service data (or self-host, if offered for your plan).

Can law enforcement access my files?

No. We use zero-knowledge encryption, so we cannot decrypt your files even if compelled by law enforcement. We would only be able to provide encrypted blobs and metadata (account creation date, last login, etc.), not file contents.

Support & Resources

How do I get technical support?

For technical assistance or questions, contact us at support@hybridcipher.com. During the pilot phase, our team is actively working with early users to address issues and improve the product. You can also reach out through the contact form on our website.

Where can I find documentation?

Full documentation is available in our User Guide, Technical Documentation, and Security & Threat Model pages. These cover everything from getting started to advanced cryptographic details.

How do I report a bug or request a feature?

We welcome feedback! Email us at support@hybridcipher.com with bug reports or feature requests. Please include details about your operating system, HybridCipher version, and steps to reproduce any issues. Feature suggestions from pilot users directly shape our roadmap.

Is there a community or forum?

We're building our community resources. In the meantime, you can connect with us directly through email or our contact form. We'll announce community forums and other channels as they become available.