Features & How It Works

A deeper look at how Necron protects your files

Understand the architecture, explore every feature, and see why Necron is different from other encrypted storage tools.

The Core Concept

What is a vault?

Inside the app

  • Photos
    • school_trip.jpg
    • family_dinner.jpg
  • Documents
    • tax_return_2025.pdf
    • medical_records.docx

You see your real filenames and folder structure.

In your storage locations

  • a3f8c91d.ncrn
  • 7b2e04af.ncrn
  • d1c5f823.ncrn
  • 9e4a16b7.ncrn

Storage providers see only encrypted blobs with random names.

A vault is your private file library inside Necron. You work with a normal-looking file tree, while storage providers only see encrypted data.

The Data Flow

How encryption and storage work together

1

You add files to a vault

Select files or folders from your computer. They stay on your device as plaintext until encryption completes.

2

Necron derives a unique key for each file

Using key material from your USB key drive, a unique 256-bit encryption key is derived per file via HKDF. No two files share the same key.

3

Files are encrypted with XChaCha20-Poly1305

Each file is encrypted and authenticated locally. Filenames and folder structure are also sealed — storage providers see only random-looking names.

4

Encrypted data is written to your mirror locations

The encrypted objects are placed in the storage folders you chose — local folders, external drives, or cloud-synced folders. Multiple locations get identical copies.

5

Vault health is tracked across all mirrors

Necron compares mirrors to detect missing, damaged, or out-of-date copies. If one location has a problem, it can be repaired from a healthy mirror.

Security Boundaries

Threat model — what Necron protects and what it doesn’t

Defends against

  • Cloud provider access to your data
  • Account compromise of one storage provider
  • Silent corruption in one mirrored location
  • Key-data co-location risks
  • File name and metadata leakage to storage providers
  • Tampering with encrypted vault data

Does not defend against

  • Malware on an unlocked endpoint while the vault is open
  • Physical theft of both endpoint and unlocked key drive
  • Loss of all copies of the key drive (data becomes permanently inaccessible)

For a complete technical analysis, read the security whitepaper or download the PDF.

All Features

Everything Necron Vault Manager offers

Necron Vault Manager vault locations panel showing multiple cloud providers with sync status

Multi-Cloud Mirroring

Keep one vault mirrored across multiple storage providers at once. Necron stores and syncs encrypted vault data only — the app presents a usable “view” when you access your files.

Necron Vault Manager vault integrity check with health statistics

Automatic Vault Recovery

If a location goes missing or falls behind, the vault can reconcile and restore from healthy mirrors. Redundancy isn’t just backup — it’s built into the system’s normal operation.

Necron Vault Manager sidebar showing multiple encrypted vaults

Multiple Vaults, Each With Multiple Locations

Create separate vaults for different projects, clients, or risk profiles. Each vault can have its own mirrored locations — mix local + cloud providers however you want.

Necron Vault Manager USB key drive status indicator

Keys Live on Your USB Key Drive

Your encryption keys are stored on a dedicated USB key drive, not on your computer or in the cloud. Keep backup drives to protect against loss — without copying keys onto a device.

Necron Vault Manager file list showing per-file encryption

Per-File Unique 256-bit Keys

Every file gets its own unique 256-bit encryption key derived from your key drive material. Compromise of one file’s key doesn’t cascade to other files.

Necron Vault Manager encryption settings showing XChaCha20-Poly1305

Modern, Quantum-Resilient Primitives

Built on widely vetted cryptography: XChaCha20-Poly1305 for authenticated encryption, HMAC-SHA-256 for integrity checks, and HKDF for key derivation. 256-bit symmetric cryptography is widely considered quantum-resilient for practical threat models.

Necron Vault Manager vault integrity check results

Tamper-Evident Chunking & Hashing

Encrypted data is chunked and hashed, making tampering detectable and reducing useful patterns for an attacker. It’s not just encryption — it’s structured to be hard to analyze and hard to alter silently.

Necron Vault Manager vault security settings with 2FA

Vault-Level Two-Factor Authentication

Add a vault-level second factor so access requires something you have (USB key drive) plus a second verification step (PIN + TOTP). This reduces risk from stolen drives or unattended machines.

Go Deeper

Technical resources

Security Whitepaper

Full technical analysis of the encryption model, key management, and threat boundaries.

Documentation

Step-by-step guides for installation, vault management, encryption, and account setup.

Blog

Technical articles on encryption, air-gapped security, post-quantum design, and more.

Ready to protect your files?

Start with a free account. Upgrade to Pro for USB key drive security when you’re ready.

Get Started →