At Old Forge Technologies, we believe in building tools that solve real problems without compromising on security or privacy. Today, we’re proud to announce the open source release of Whirlcrypt, a secure file sharing platform that puts privacy first.
The Problem We Solved
In an era where data breaches make headlines daily, sharing sensitive files remains a challenge for businesses and individuals alike. Traditional file sharing services often require you to trust them with your unencrypted data, creating potential security vulnerabilities. We built Whirlcrypt to eliminate this trust requirement entirely.
What Makes Whirlcrypt Different
Whirlcrypt implements zero-knowledge architecture using the RFC 8188 standard for encrypted content encoding. This means:
- Files are encrypted in your browser before they ever leave your device
- The server never sees your encryption keys – they’re embedded in shareable links
- No user accounts required – reducing data collection and privacy concerns
- Automatic expiration – files are automatically deleted after a configurable retention period
The application uses AES-128-GCM encryption with a 4KB record size, ensuring both security and efficient streaming of large files. Each file gets a unique encryption key that never touches our servers.
Technical Architecture
Built as a modern web application, Whirlcrypt features:
- React frontend with TypeScript for type safety
- Express.js backend with comprehensive security middleware
- PostgreSQL database storing only metadata (never file content or keys)
- Pluggable storage system supporting local filesystem with planned cloud provider support
- Docker containerization for easy deployment
- Comprehensive API with OpenAPI documentation
The codebase demonstrates enterprise-grade security practices including rate limiting, content security policies, input sanitization, and SQL injection protection through prepared statements.
Production Ready
Whirlcrypt isn’t just a proof of concept. It’s production-ready software that we’ve deployed and battle-tested. The application includes:
- Systemd service configuration for Linux deployments
- Nginx reverse proxy configuration
- Database migration scripts
- Comprehensive security documentation
- Automated cleanup of expired files
- Health monitoring and logging
Open Source Commitment
We’re releasing Whirlcrypt under the MIT license because we believe secure file sharing should be accessible to everyone. The complete source code, documentation, and deployment guides are available on GitHub.
Repository: github.com/creativeheadz/whirlcrypt
Live Demo: whirlcrypt.co.uk
API Documentation: Interactive API Explorer
Why We Built This
At Old Forge Technologies, we understand that small and medium businesses need enterprise-grade security without enterprise complexity. Whirlcrypt represents our philosophy of building robust, secure solutions that are both powerful and approachable.
Whether you’re a developer looking to implement secure file sharing in your application, a business needing a privacy-focused file sharing solution, or simply someone who values digital privacy, Whirlcrypt provides a solid foundation.
Get Started
The project includes comprehensive setup scripts and documentation to get you running quickly. For businesses in Suffolk and Cambridgeshire, we’re available to help with deployment, customization, or integration into your existing systems.
Whirlcrypt demonstrates that security and usability don’t have to be mutually exclusive. We’re excited to see how the community uses and improves upon this foundation.
Old Forge Technologies specializes in bespoke IT and cybersecurity solutions for small and medium businesses. Contact us to discuss how we can help secure your digital infrastructure.