Portable AES-256-GCM file encryption for Windows. No installation, no accounts, no cloud.
Standalone portable executable - No installation required
ZeroTrustEncryptor is a portable file encryption tool that protects your files with AES-256-GCM encryption and Argon2id key derivation. Drag and drop files into the GUI, enter a password, and your files are encrypted into .zte format. Decrypt them the same way. It also obfuscates filenames, securely wipes originals, and runs entirely offline as a single .exe - no installation, no accounts, no data leaves your machine.
Military-grade authenticated encryption. Each file gets a unique nonce. Tamper detection is built in - if a single byte is altered, decryption fails.
Your password is stretched using Argon2id - the winner of the Password Hashing Competition. Resistant to GPU, ASIC, and side-channel attacks.
Encrypted files are renamed to random UUIDs. An observer can't tell what was encrypted just by looking at the filenames.
After encryption, the original file is overwritten with random data before deletion. Simple deletion leaves recoverable data - this doesn't.
No command line needed. Drop files onto the window, enter your password, and click Encrypt or Decrypt. Built-in progress bar and status updates.
Real-time password strength meter using the zxcvbn library. Warns you before encrypting with a weak password so you don't lock files behind a guessable key.
Download, drop, encrypt, done.
Download ZeroTrustEncryptor.exe. It's a single portable file - no installation, no dependencies. Run it from anywhere.
Drag and drop one or more files onto the application window, or use the file browser to select them.
Choose a strong password. The strength meter gives you instant feedback. Confirm it, then click Encrypt or Decrypt.
Encrypted files are saved as .zte files with obfuscated names. Originals are securely wiped. To decrypt, drop the .zte file back in and enter the same password.
Built on proven cryptographic primitives.
Common questions about ZeroTrustEncryptor.
Yes, completely free. No sign-up, no licence key, no premium tier. Download and use it.
ZeroTrustEncryptor uses AES-256-GCM (the same standard used by governments and financial institutions) with Argon2id key derivation. It runs entirely offline - no data is sent anywhere. The encryption is only as strong as your password, so use a strong one.
A .zte file contains the salt, nonce, encrypted original filename, ciphertext, and GCM authentication tag - everything needed to decrypt the file with the correct password. The format is specific to ZeroTrustEncryptor.
No. The download is a standalone .exe that includes everything it needs. Just run it directly - no Python, no pip, no setup.
SmartScreen may warn about the file because it's new and unsigned. This is normal for independent software. You can click "More info" then "Run anyway" to proceed. The tool is open-source if you want to inspect the code.
Yes. ZeroTrustEncryptor supports full CLI mode. Run it with --help to see available commands. You can encrypt, decrypt, and configure options entirely from the terminal.
No accounts. No cloud. No trust required.