FileBit AES-256 file vault for macOS, zero network requests

Name: FileBit AES-256 file vault for macOS, zero network requests
Availability: InStock
Author: aarush-prakash

by aarush-prakash·Mar 18, 2026·1 point·0 comments

Visit Project View on HN

AI Analysis

●MidCozyNiche Gem

Solid local encryption but FileVault and Cryptomator already solve this.

Strengths

•No network entitlements means app physically cannot phone home
•Secure Enclave key storage with biometric access control
•3-pass overwrite shredding prevents forensic recovery

Weaknesses

•macOS-only limits audience, no iOS or cross-platform support
•File encryption is solved problem with free built-in alternatives

Post Description

I built FileBit because I wanted to encrypt files on my Mac without creating an account or trusting a third party with anything. Every existing solution I tried either required a subscription, phoned home, or had a vague privacy policy. FileBit stores encrypted files locally in ~/Library/Application Support/FileBit/Vault/. Original filenames are packed inside the encrypted blob so the vault directory reveals nothing about contents. Technical details:

AES-256-GCM via Apple CryptoKit (hardware-accelerated) PBKDF2-SHA256 key derivation, 600k iterations Touch ID unlock vault key stored in Keychain with Secure Enclave biometric access control SHA-256 checksum stored in metadata, verified on every export 3-pass overwrite shredding (0x00, 0xFF, random bytes via SecRandomCopyBytes) Full App Sandbox with no network entitlements the app cannot make network requests

One tricky part: CryptoKit doesn't expose PBKDF2 directly so I had to bridge to CommonCrypto for key derivation then hand the key back to CryptoKit. Also spent a lot of time getting SecAccessControlCreateFlags right for Touch ID with password fallback the docs are sparse. macOS 15+ required.

Available on the Mac App Store.

https://apps.apple.com/us/app/filebit-encrypt-lock-files/id6...