Secure Information Transfer

Use this page to send messages and files to brovo.xyz. Optional client‑side encryption keeps content private before it leaves your browser.

Default endpoint: https://brovo.xyz/api/transfer (configure below)
Supports text messages and file uploads (up to your server limits)
Optional auto‑delete (TTL) and one‑time access flags are included with submissions

Send a message / files

Your name (optional)

Your email (optional)

Subject

Message

Attach files (optional)

Files are uploaded as‑is unless encryption is enabled, in which case they are encrypted in your browser before upload.

Auto‑delete after

One‑time access

Encrypt before sending

Payload format (for your backend)

POST multipart/form-data to /api/transfer with fields:
  fromName, fromEmail, subject, oneTime ("true"|"false"), ttlDays (number)
  If NOT encrypted:
    message (string)
    files[] (file list)
  If encrypted (AES‑256‑GCM, PBKDF2‑SHA256 250k iters):
    messageEnc (base64), iv (base64), salt (base64), kdf="PBKDF2", alg="AES-256-GCM"
    files[] = encrypted blobs; filesMeta (JSON) with { name, iv, salt, sizeEnc, sizePlain }
  Recommended response JSON: { ok: true, id: "...", oneTimeUrl: "https://brovo.xyz/…", receipt: "sha256-…" }

Verify a receipt

If your server returns a receipt (SHA‑256 of the plaintext message), you can recalc it locally:

Paste your original plaintext message

Receipt (SHA‑256)

About this page

This is a minimal, privacy‑minded information transfer page for brovo.xyz. It supports optional client‑side encryption so your content can be protected before it is sent to the server. Share the password with the recipient via a separate channel (e.g., messenger or call).

Disclaimer: Client‑side encryption here uses the Web Crypto API. For highly sensitive data, consider audited tools and dedicated key management.

Contact

Questions or issues? Email [email protected].