Encryption that lies for you.
One file. Two passwords. Two completely different results.
Both decrypt correctly. Neither can be disproven.
Standard encryption has a flaw. It proves something is hidden. A locked file is an admission that secrets exist. Under pressure, the only options are comply or refuse - and refusal is its own confession.
deny.sh removes that choice entirely. Open the same file with one password and it decrypts to your real message. Open it with another and it decrypts to something harmless. Both outputs are mathematically valid. No test, no tool, no forensic analysis can determine which is the original.
How it works
You encrypt with two passwords.
The first password protects your real content. The second generates a control file - a cryptographic bridge between your real message and your decoy.
You choose what the lie is.
Write a decoy message. A shopping list. Meeting notes. Anything. deny.sh generates a new control file that makes the encrypted data decrypt to your decoy instead.
Both truths coexist.
The encrypted file doesn't change. The decoy decryption is indistinguishable from the real one. There's no hidden partition, no metadata leak, no statistical tell. The maths doesn't lie - it lies for you.
Why this matters.
GPG, VeraCrypt, age - they're excellent at keeping secrets. But they can't deny that secrets exist. An encrypted volume is a locked door, and a locked door invites questions.
deny.sh is a door that opens to a different room depending on who's asking. The coercion problem isn't theoretical. Journalists cross borders. Activists face warrants. Lawyers hold privileged communications. The right to remain silent means nothing if your hard drive can't.
No proprietary cryptography.
AES-256-CTR for encryption. scrypt for key derivation. XOR composition for deniability. Every primitive is open, audited, and battle-tested. The deniability comes from the construction, not from obscurity.
The core insight: encrypt plaintext by XOR-ing it with a control file, then AES-encrypt the result. To create a decoy, compute a new control file that maps the same ciphertext to different plaintext. The maths is symmetric - there's no "real" direction.
# encrypt
$ deny encrypt secret.txt -o secret.enc
Password: ••••••••
Control password: ••••••••
✓ Encrypted → secret.enc + secret.ctrl
# decrypt (real)
$ deny decrypt secret.enc --control secret.ctrl
Password: ••••••••
Control password: ••••••••
→ "launch codes: 38.8977° N, 77.0365° W"
# create decoy control file
$ deny decoy secret.enc --fake "grocery list: milk, eggs, bread"
Password: ••••••••
Control password: ••••••••
✓ Decoy control → secret-decoy.ctrl
# decrypt with decoy (same encrypted file)
$ deny decrypt secret.enc --control secret-decoy.ctrl
Password: ••••••••
Control password: ••••••••
→ "grocery list: milk, eggs, bread"See it work.
Everything runs in your browser. Nothing leaves your machine.
Open source. Zero knowledge. Free.
The browser demo and CLI are free. The API is live - 100 calls/month free, paid tiers for production use. Questions? Get in touch.
hello@deny.sh