SecureMint
Security

Beyond PPAP — Secure File Sharing

PPAP — sending a password-protected ZIP via email followed by the password in a separate email — has been widely used in Japan. However, it carries significant security risks. SecureMint offers a safer, simpler alternative.

What is PPAP?

  1. P — Send a Password-protected ZIP file
  2. P — Send the Password in a separate email
  3. A — Encrypt (Angou in Japanese)
  4. P — Protocol

* This practice was widespread in Japanese business, but the Cabinet Office announced its discontinuation in 2020.

Problems with PPAP

1

Password sent over the same channel

Both the ZIP file and password travel through the same email channel. An attacker who intercepts one can intercept both, rendering the protection meaningless.

2

Weak ZIP encryption

Standard ZIP encryption (ZipCrypto) is vulnerable to known-plaintext attacks. Even AES-256 ZIP encryption can be brute-forced if the password is weak.

3

Bypasses virus scanning

Encrypted ZIP files bypass email gateway virus scanning. Malware like Emotet has exploited this vector to spread through corporate networks.

4

No audit trail

There is no way to track who downloaded the file or how many times it was accessed. Data leaks go undetected.

How SecureMint Solves This

🔐

End-to-End Encryption

AES-256-GCM encryption runs entirely in your browser. The decryption key is stored in the URL fragment (#), which is never sent to the server.

🔗

Separate key delivery

Encrypted files travel through the server; the decryption key is embedded in the URL. The file and key travel through separate channels, solving PPAP's fundamental flaw.

Auto-expiry & download limits

Set expiry times and download limits on every link. Expired files are automatically deleted.

📊

Download logs (Pro)

Track who downloaded and when. Detect potential data leaks early.

Comparison

FeaturePPAPSecureMint
EncryptionZipCrypto / AES-ZIPAES-256-GCM
Key deliverySame email channelURL fragment (separate)
Virus scanningBypassedNot affected
Expiry controlNone1 hour to 30 days
Download limitNoneCustomizable
Audit trailNoneDownload logs (Pro)
Software neededZIP extractorBrowser only

Replace PPAP in 3 Steps

1

Drag & drop your file

Drop your file on the Secure File Sharing page. It's encrypted with AES-256 right in your browser.

2

Copy the share link

A share link is generated after encryption. The decryption key is embedded in the URL and never sent to the server.

3

Send the link to your recipient

Send the link via email or chat. Recipients just click to download — no app installation needed.

Try It NowView Detailed Guide

Free to try, no registration required