How AES-256 Local Encryption Actually Works

Marcelo Matz · Mar 22, 2026 · 7 min read

You've seen 'AES-256 encryption' on every security product. But what does it actually mean when encryption happens locally, on your device, with no server involved? A plain-language explanation.

The three-letter acronym everyone uses but few understand

AES-256. You see it everywhere. Password managers, messaging apps, VPNs, cloud storage services. It's become the universal shorthand for "this is secure." But most explanations stop at "military-grade encryption" — a phrase so overused it's lost all meaning.

Let's fix that. Here's how AES-256 actually works, specifically in the context of local encryption — where your data never leaves your device.

What AES-256 actually is

AES stands for Advanced Encryption Standard. It was selected by the U.S. National Institute of Standards and Technology (NIST) in 2001 after a five-year international competition among cryptographers. The winner was an algorithm called Rijndael, designed by two Belgian cryptographers, Joan Daemen and Vincent Rijmen.

256 refers to the key length in bits. A 256-bit key means there are 2²⁵⁶ possible combinations — a number so large that if every atom in the observable universe were a computer trying a billion keys per second, they still wouldn't exhaust all possibilities before the heat death of the universe.

That's not hyperbole. That's mathematics.

Symmetric vs. asymmetric encryption

AES is symmetric encryption: the same key encrypts and decrypts data. This is different from asymmetric encryption (like RSA), which uses a key pair (public + private).

For local file encryption, symmetric is the right choice:

  • Faster — symmetric encryption is orders of magnitude faster than asymmetric
  • Simpler — one key to manage, not two
  • Perfect for single-user scenarios — there's no need to share a public key when you're both the sender and receiver

How Writtt uses it: the full chain

Here's the exact sequence when you encrypt a document in Writtt:

1. Password → Key (PBKDF2)

Your password isn't used directly as the encryption key. Instead, it goes through PBKDF2 (Password-Based Key Derivation Function 2):

  • A random salt is generated (unique per document)
  • Your password + salt are hashed repeatedly (thousands of iterations)
  • The output is a 256-bit encryption key

This serves two purposes: it makes brute-force attacks exponentially slower, and it ensures the same password produces different keys for different documents (because the salt is different).

2. Encryption (AES-256-GCM)

The derived key encrypts your document content using AES-256-GCM (Galois/Counter Mode):

  • GCM provides both confidentiality (data is unreadable) and integrity (tamper detection)
  • A random IV (Initialization Vector) ensures the same content encrypted twice produces different ciphertext
  • The output is ciphertext + authentication tag

3. Storage

The encrypted file contains:

  • The salt (needed to re-derive the key)
  • The IV (needed for decryption)
  • The ciphertext (your encrypted content)
  • The authentication tag (proves the data hasn't been modified)

Your password is never stored anywhere. The key exists only in memory during the encryption/decryption operation and is discarded immediately after.

What "local encryption" changes

Most services that advertise AES-256 encrypt your data on their servers. This means:

  • They hold the encryption keys (or can derive them)
  • They can decrypt your data for maintenance, legal compliance, or AI training
  • A server breach exposes both the data and the keys

Local encryption is fundamentally different:

|                  | Server encryption           | Local encryption                     |
|------------------|-----------------------------|--------------------------------------|
| Key location     | Their server                | Your device only                     |
| Who can decrypt  | The service provider        | Only you                             |
| Network exposure | Data transits over networks | Data never leaves your disk          |
| Subpoena risk    | Provider can be compelled   | Nothing to compel from a third party |
| Breach impact    | Millions of users exposed   | Only your physical device            |

When Writtt encrypts a file, the entire operation happens on your CPU. No key, no plaintext, and no metadata ever touches a network interface. The encrypted file on your disk is indistinguishable from random noise without your password.

Common misconceptions

"Cloud encryption is just as secure"

Cloud providers encrypt data "at rest" and "in transit" — but they hold the keys. This is like a hotel putting your valuables in their safe and keeping the master key. It protects against external threats, not against the hotel itself.

"If I lose my password, the service can recover my data"

If a service can recover your data without your password, they have access to your encryption keys. This is a feature for them, but a vulnerability for you.

"Encryption slows everything down"

Modern CPUs have hardware AES acceleration (the AES-NI instruction set). Encrypting a document adds microseconds — literally imperceptible.

"I have nothing to hide"

Privacy isn't about hiding. It's about controlling who has access to your thoughts, your drafts, your unfinished ideas. Would you write the same journal entry if your employer, your ex, or a random hacker could read it?

The bottom line

AES-256 is genuinely strong encryption — when implemented correctly. But the implementation matters as much as the algorithm. Local encryption with PBKDF2 key derivation, unique salts, random IVs, and zero network calls is the most secure configuration possible for personal documents.

It's also the simplest to reason about: your file is on your disk, encrypted with your password, and no one else has the key. No trust required.
Writtt uses AES-256-GCM with PBKDF2 key derivation for its encrypted vault. The complete implementation is open source. Download Writtt or view the source code.