developer coding user risk: medium
Client-Side Web Crypto File Encryption Tool
Create a client-side file encryption tool using HTML5, CSS3, and JavaScript with the Web Crypto API, including drag-and-drop interface, AES-256-GCM encryption with PBKDF2 key deriv…
- Policy sensitive
- Human review
PROMPT
Create a client-side file encryption tool using HTML5, CSS3, and JavaScript with the Web Crypto API. Build a drag-and-drop interface for file selection with progress indicators. Implement AES-256-GCM encryption with secure key derivation from passwords (PBKDF2). Add support for encrypting multiple files simultaneously with batch processing. Include password strength enforcement with entropy calculation. Generate downloadable encrypted files with custom file extension. Create a decryption interface with password verification. Implement secure memory handling with automatic clearing of sensitive data. Add detailed logs of encryption operations without storing sensitive information. Include export/import of encryption keys with proper security warnings. Support for large files using streaming encryption and chunked processing.
EXPECTED OUTPUT
- Format
- html
SUCCESS CRITERIA
- Build drag-and-drop interface for file selection with progress indicators
- Implement AES-256-GCM encryption with PBKDF2 key derivation
- Support batch processing for multiple files
- Enforce password strength with entropy calculation
- Generate downloadable encrypted files with custom extension
- Create decryption interface with password verification
- Implement secure memory handling with auto-clearing
- Add detailed logs without sensitive information
- Include export/import of encryption keys with security warnings
- Support large files using streaming and chunked processing
FAILURE MODES
- Using non-Web Crypto API for encryption
- Insecure password derivation without PBKDF2
- Lack of streaming causing memory issues for large files
- Exposing sensitive data in logs or memory
- Weak password strength enforcement
- Server-side processing instead of client-side
CAVEATS
- Missing context
-
- Output format (e.g., single HTML file, code structure).
- Browser compatibility requirements.
- UI layout and styling details (e.g., responsive design).
- Error handling and user feedback mechanisms.
- Ambiguities
-
- Custom file extension not specified.
- Password strength thresholds undefined.
- Details on log display location unclear.
- Export/import of encryption keys conflicts with password-based derivation; unclear what keys to export.
QUALITY
- OVERALL
- 0.75
- CLARITY
- 0.90
- SPECIFICITY
- 0.95
- REUSABILITY
- 0.30
- COMPLETENESS
- 0.80
IMPROVEMENT SUGGESTIONS
- Specify output as 'a single self-contained HTML file with embedded CSS and JS'.
- Define password strength criteria, e.g., 'Require minimum 12 characters, entropy > 50 bits'.
- Clarify key export: 'Export salt and optional derived key with warnings about storage risks'.
- Add 'Ensure progressive enhancement and fallback for older browsers'.
USAGE
Copy the prompt above and paste it into your AI of choice — Claude, ChatGPT, Gemini, or anywhere else you're working. Replace any placeholder sections with your own context, then ask for the output.
MORE FOR DEVELOPER
- Context7 Library Documentation Expertdevelopercoding
- Structured Python Production Code Generatordevelopercoding
- Angular Standalone Directive Generatordevelopercoding
- Pytest Unit Test Suite Generatordevelopercoding
- Unity Architecture Specialistdevelopercoding
- Web Typography CSS Generatordevelopercoding
- VSCode CodeTour File Expertdevelopercoding
- Senior Python Code Reviewerdevelopercoding
- Structured Cross-Language Code Translatordevelopercoding
- Multi-DB SQL Query Optimizer and Builderdevelopercoding