SecureEU Desktop: Open Source, Hardware-Accelerated & Extension-Free

We built SecureEU Desktop as a standalone Windows application that provides the same end-to-end encrypted file transfer as the web version — but with hardware-accelerated encryption, parallel chunk uploads, and complete isolation from browser extensions. Here’s a look under the hood.

Architecture Overview

SecureEU Desktop is a WPF application built on .NET 10, using the MVVM pattern with CommunityToolkit.Mvvm. It ships as a single self-contained .exe — no .NET runtime installation required, no installer, no admin privileges. Just download, double-click, and start transferring files.

AES-NI: Hardware-Accelerated Encryption

The web version uses the WebCrypto API, which is implemented in native code but still runs within the browser’s JavaScript engine constraints. The desktop app uses .NET’s System.Security.Cryptography.AesGcm, which directly leverages AES-NI hardware instructions on modern Intel and AMD CPUs.

The result: encryption throughput is significantly higher, especially for large files. Files are split into 5 MB chunks, each encrypted with a unique nonce derived from the chunk index, and uploaded as independent encrypted blobs.

Parallel Chunk Uploads

Instead of encrypting and uploading one chunk at a time, SecureEU Desktop uses a producer–consumer pipeline:

1. A producer reads and encrypts chunks sequentially from disk
2. Encrypted chunks are queued into a Channel<T>
3. Multiple consumer tasks (controlled by SemaphoreSlim) upload chunks in parallel

Free transfers get 3 parallel connections; paid tiers get 10. This means your upload speed is limited only by your internet connection, not by sequential processing.

Extension-Free: Why It Matters

The single biggest security advantage of a desktop app over a browser-based solution is the absence of browser extensions. In a browser, any extension with “read and change all your data on websites” permission (which is most of them) can:

• Read encryption keys from JavaScript variables or the DOM
• Intercept file data before it’s encrypted
• Modify the page’s JavaScript to weaken or bypass encryption
• Exfiltrate data to external servers silently

SecureEU Desktop runs in its own isolated OS process. No browser extension, no injected script, and no other tab can observe or interfere with the encryption pipeline.

DPAPI-Encrypted Local History

The desktop app keeps a local history of your transfers — file names, download links, timestamps — so you can quickly access past transfers. This history is encrypted at rest using the Windows Data Protection API (DPAPI), which ties the encryption to your Windows user account. Even if someone copies the history file off your machine, they can’t decrypt it without your credentials.

Full Feature Parity

Everything you can do on the web version, you can do in the desktop app:

• Password protection
• Custom sender message
• Brand logo and colour on the download page
• Download limits
• Link revocation
• Email delivery (up to 20 recipients)
• Download notifications
• Save link as .txt
• Speed boost (10× parallel connections)

Open Source & Auditable

The entire desktop app — every view, every view-model, every service — is open source under the MIT license. You can inspect the encryption code, the API calls, the history storage, and the UI layer. Nothing is hidden, nothing is obfuscated.

The source code is available at github.com/nugo-cell/secureeu.desktop.