Folder policy
A folder can carry a client-side encryption policy. When the policy is active, new uploads into that folder are encrypted in the browser if the user has unlocked the encryption vault. Child folders can inherit the policy, so a protected tree stays protected during normal drag-and-drop work.
- The policy flag lives in node metadata.
- Uploads are blocked with a clear vault-locked error when encryption is required.
- Existing plaintext files can be encrypted later from the folder actions.
Vault and recovery
Client-side encryption is unlocked with an encryption password or a 24-word recovery phrase. The password is separate from the account password and is not sent to the server, which means the server cannot reset access to encrypted files if both recovery paths are lost.
Opaque server payload
Encrypted uploads use a Cotton container blob with a generated opaque server-side file name. The visible filename and content type are stored as encrypted display metadata, so the UI can recover the real name after unlock without exposing it as plain server metadata.
- File metadata marks encrypted files with isClientEncrypted.
- Display metadata is encrypted separately with a derived metadata key.
- Downloads decrypt in the browser before opening or saving the file.
Current size guard
The current browser E2E path is Blob-based and guarded at 512 MB per encrypted file. That limit is intentionally visible because it prevents a browser tab from turning client-side encryption into a memory problem before the streaming pipeline replaces it.
How it layers with storage encryption
After the browser encrypts an E2E file, Cotton still stores that ciphertext through the normal content-addressed, compressed, encrypted storage pipeline. The two layers solve different problems: E2E protects selected content from server-side plaintext handling, while storage encryption protects persisted chunks and backup artifacts.
What remains honest
E2E should be marketed as selected client-side encrypted folders/files, not as a blanket claim that every feature is browser-only encrypted. Shares, previews, search behavior, and metadata visibility should be documented feature by feature as the E2E surface expands.
Client-side encryption proof
The E2E surface has real moving parts: folder policy metadata, browser vault unlock, encrypted display metadata, opaque server-side file names, browser-side decrypt on download, and a visible 512 MB guard for the current Blob path.
Useful E2E without theater
Cotton gives users a focused place for the files that should be encrypted before the server ever handles plaintext, without pretending that every product feature already has the same E2E semantics.
Where the boundary is today
Client-side encryption currently fits selected folders and guarded file sizes. Lost vault credentials can make encrypted content unrecoverable, and features around previews, shares, and search need explicit E2E behavior rather than vague promises.