- AES-256-GCM via Apple CryptoKit (hardware-accelerated)
- PBKDF2-SHA256 key derivation, 600k iterations
- Touch ID unlock: vault key stored in Keychain with Secure Enclave biometric access control
- SHA-256 checksum stored in metadata, verified on every export
- 3-pass overwrite shredding (0x00, 0xFF, random bytes via SecRandomCopyBytes)
- Full App Sandbox with no network entitlements: the app cannot make network requests

One tricky part: CryptoKit doesn't expose PBKDF2 directly, so I had to bridge to CommonCrypto for key derivation, then hand the key back to CryptoKit. Also spent a lot of time getting SecAccessControlCreateFlags right for Touch ID with password fallback; the docs are sparse. macOS 15+ required.
Available on the Mac App Store.
https://apps.apple.com/us/app/filebit-encrypt-lock-files/id6...
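
The CommonCrypto-to-CryptoKit bridge described in the post, sketched as an added example; this is not the app's own code. The function names, the 16-byte salt and the `salt || nonce || ciphertext || tag` blob layout are assumptions made for illustration.

```swift
import Foundation
import Security
import CommonCrypto
import CryptoKit

enum VaultError: Error { case randomFailed, kdfFailed(Int32), badBlob }

// Hypothetical helper: PBKDF2-HMAC-SHA256 in CommonCrypto, result wrapped as a CryptoKit key.
func deriveKey(password: String, salt: [UInt8], rounds: UInt32 = 600_000) throws -> SymmetricKey {
    var derived = [UInt8](repeating: 0, count: kCCKeySizeAES256)   // 32 bytes for AES-256
    defer { for i in derived.indices { derived[i] = 0 } }          // best-effort wipe of the raw copy
    let status = CCKeyDerivationPBKDF(
        CCPBKDFAlgorithm(kCCPBKDF2),
        password, password.utf8.count,     // length in UTF-8 bytes, not Characters
        salt, salt.count,
        CCPseudoRandomAlgorithm(kCCPRFHmacAlgSHA256),
        rounds,
        &derived, derived.count)
    guard status == Int32(kCCSuccess) else { throw VaultError.kdfFailed(status) }
    return SymmetricKey(data: derived)
}

// Assumed blob layout: 16-byte salt, then CryptoKit's combined nonce + ciphertext + tag.
func encrypt(_ plaintext: Data, password: String) throws -> Data {
    var salt = [UInt8](repeating: 0, count: 16)
    guard SecRandomCopyBytes(kSecRandomDefault, salt.count, &salt) == errSecSuccess else {
        throw VaultError.randomFailed
    }
    let key = try deriveKey(password: password, salt: salt)
    let box = try AES.GCM.seal(plaintext, using: key)   // CryptoKit picks a fresh random nonce
    guard let combined = box.combined else { throw VaultError.badBlob }
    return Data(salt) + combined
}

func decrypt(_ blob: Data, password: String) throws -> Data {
    // Shortest valid blob: 16 (salt) + 12 (nonce) + 16 (tag) bytes.
    guard blob.count >= 44 else { throw VaultError.badBlob }
    let key = try deriveKey(password: password, salt: [UInt8](blob.prefix(16)))
    let box = try AES.GCM.SealedBox(combined: Data(blob.dropFirst(16)))
    return try AES.GCM.open(box, using: key)   // throws if the tag check fails
}

// Constructed sample input: round trip, then a wrong password rejected by the GCM tag check.
let blob = try encrypt(Data("constructed sample".utf8), password: "correct horse")
print(String(decoding: try decrypt(blob, password: "correct horse"), as: UTF8.self))
do { _ = try decrypt(blob, password: "wrong") } catch { print("rejected:", error) }
```

Storing the salt with the ciphertext is what lets the same password re-derive the key later. A wrong password yields a different key, so decryption fails on the authentication tag rather than returning garbage.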