Breadroll 🥖
End-to-end encrypted client photo galleries — self-hostable on $3/month shared PHP hosting. The server never sees your photos. Not the images, not the thumbnails, not the filenames, not the keys.
Source on GitHubHow it works
- The photographer creates a gallery in their browser. A
high-entropy code is generated — something like
K7QM-W3RV-PD9A-XH2T(~80 bits). The code is the key material; it never reaches the server. - Photos are thumbnailed and encrypted in the browser (AES-256-GCM via WebCrypto) before upload. The server receives opaque blobs with opaque names.
- The photographer sends the code to the client — same workflow as any gallery service.
- The client enters the code. Their browser derives the key (PBKDF2-SHA256, 600k iterations), fetches the blobs, and decrypts locally. “Download all” builds the zip in the browser too.
What your host can see
| Typical gallery service | Breadroll | |
|---|---|---|
| Your photos | everything | ciphertext only |
| Filenames / EXIF | yes | encrypted manifest |
| Gallery codes | yes | peppered hash of a hash |
| Who downloads when | yes | traffic metadata only |
Honest trade-offs
E2EE means the server is deliberately dumb: no server-side thumbnails, no watermarking, no image processing, and no code recovery — a lost gallery code means re-creating the gallery. Like all web-delivered E2EE, you are trusting the JavaScript served to you; releases are versioned and the full threat model is documented in the repository.
Status
Early development, building in the open. Core crypto and the encrypted studio upload path are live; the client gallery view is next. This site (bread-roll.com) is the development deployment.