Function definition
The CryptPeer® Encrypted File Transfer function enables sending and receiving files of any size, encrypted end-to-end, without a trusted third-party server, with an explicit choice of reception mode by the recipient:
It includes no-account sharing to external third parties: encrypted link, random password, recipient-side local decryption, configurable retention, and automatic destruction.
- Encrypted download — for secure storage or re-sharing
- Decrypted download — for immediate local use
This dual option — sovereign control of the cryptographic state upon receipt — exists in no current SaaS competitor (including BlueFiles, Tresorit, Proton Drive or GoAnywhere).
Product objectives
- Enable senders to transfer large files (up to several GB)
- Ensure end-to-end encryption (E2EE) until the recipient's terminal
- Offer the recipient a sovereign option: maintain confidentiality (stay encrypted) or decrypt locally (final use)
- Eliminate any risk of server compromise or centralized key
Technical mechanism
Reference: Cryptographic specifications — Section 26 (K_file_v2)
| Element | Description |
|---|---|
| Encryption type | AES-256-GCM (authenticated encryption) |
| Key derivation | PBKDF2-HMAC-SHA256 (K_file_base) + HKDF_SHA256 (K_file_v2) from userId and K_seg |
| Transport | HTTPS + WebSocket / WebRTC depending on configuration |
| Session key | Local, volatile, not exchanged (deterministic derivation on peer sides) |
| Temporary storage | Encrypted file in database or on disk — never in plaintext |
| Recipient choice | Local decryption on demand, without server contact |
| Re-sharing | Possible only if file kept encrypted |
MFT administration: policies, volumes and dual usage
File transfer is not a bolt-on consumer feature: it follows a managed file transfer (MFT) pattern governed on your deployment, with retention and security rules aligned to operational requirements.
Policies and lifecycle
- Transfer inside end-to-end encrypted chat, without relying on a third-party vendor for the document path.
- Storage and retention policy control, with automated file lifecycle based on configured parameters.
Volume control
- Maximum size per space (GB) and automatic removal of oldest files when quota is reached.
- Configurable purge percentage to balance availability and document discipline.
Security restrictions
- Upload size cap (MB), allow/deny file types, handling of sensitive extensions (executables, archives, etc.).
- Custom rules can be added for specific operational needs.
Dual usage: internal and external
- Advanced internal MFT for authenticated users.
- Simplified sharing to third parties (secure-link style), including contacts without a CryptPeer account, within the same unified environment.
Strategic differentiator
CryptPeer®: the first sovereign system to offer "cryptographic choice upon receipt". To our knowledge, no competitor (BlueFiles, Tresorit, Proton, Kiteworks) currently allows a non-administrator end recipient to choose between encrypted or decrypted download in an E2EE communication context without a trusted third party.
Competitive comparison — File transfer
| Solution | Type | Encrypted/decrypted choice | Sovereignty | Indicative price (€/user/year) |
|---|---|---|---|---|
| BlueFiles | Professional SaaS (ANSSI) | ❌ | Service-side keys | ~12,500 €/user/yr (8-user pack ~100,000 €/yr) |
| Tresorit / Tresorit Send | Private SaaS | ❌ | Zero knowledge | ~240 €/user/yr |
| Proton Drive | Open-source SaaS | ❌ | Zero knowledge | ~120 €/user/yr |
| Internxt Send | Privacy-first SaaS | ❌ | Zero knowledge | Free |
| Kiteworks / GoAnywhere | Enterprise MFT | ❌ | Server keys | 30,000 €+ /yr (license, quote-based) |
| CryptPeer® Standard | Sovereign system | ✅ | Exclusive licensee control | Public 2026 pricing grid: from €19 excl. tax / month / seat for the first five pack slots, then €21–39 excl. tax / month / seat by total headcount — typically ~€230–320 excl. tax / seat / year for 50–200 people on annual billing (indicative). |
Sources: bluefiles.com — tresorit.com — proton.me — internxt.com — goanywhere.com — kiteworks.com. Indicative prices, quote-based depending on configuration.
Doctrinal positioning
CryptPeer® — The only sovereign communication and file transfer system enabling the end user to decide whether to maintain or lift encryption.
- No third-party cryptographic authority — no trusted server, no shared key
- Complete licensee sovereignty — transfer integrated with CryptPeer messaging
- Dual-Use defensive compliance — civil, institutional or defence
- Structural cost efficiency — no recurring hosting or per-user license costs
Key arguments
- End-to-end encryption without third party
- Sovereign choice of reception mode
- Self-hosted, auditable system
- GDPR and Dual-Use defensive compliant
- Economically rational vs managed SaaS
See also the full CryptPeer® vs competitors comparison and cryptographic specifications.
Full comparison → Why CryptPeer® →