Skip to main content

Getting Started with Shield

Learn how to securely share files and messages using Shield’s trustless architecture.

Prerequisites

Before you begin, make sure you have:
  • MetaMask or another Web3 wallet installed
  • A small amount of ETH on Base Mainnet for gas fees
  • The recipient’s wallet address
If you don’t have Base ETH, you can bridge from Ethereum mainnet or use an on-ramp service.

How to Share a Secure File

Step 1: Upload Your Content

  1. Visit Shield
  2. Click “Create Secure Link”
  3. Choose whether to upload a file or write a message
  4. If uploading a file, select it from your device
  5. If writing a message, type it in the text area
Your content is encrypted with AES-256 in your browser before being uploaded to IPFS.

Step 2: Configure Access Policy

Set the access rules for your secure link:
  1. Recipient Address: Enter the Ethereum address that can access this content
  2. Expiration Time: Set when the link should expire
    • The default is set to 3600 seconds (1 hour) and is customizable based on your preference
  3. Max Verification Attempts: Set how many failed access attempts before self-destructing
    • The default is set to 3 attempts and is customizable based on your preference
Once you set these rules and confirm the transaction, they are immutable and enforced by the smart contract.

Step 3: Sign Transaction & Share

  1. Click “Generate Link”
  2. Your wallet (MetaMask) will prompt you to sign a transaction
  3. Confirm the transaction to create the on-chain access policy
  4. Wait for the transaction to be confirmed on Base
  5. Copy the generated Shield link
  6. Share the link with your recipient via your preferred channel
The link looks like: https://shieldhq.xyz/r/<policyId>

How to Access a Shared File

  1. Click on the Shield link you received
  2. You’ll be redirected to the Shield receiver verification page

Step 2: Connect Your Wallet

  1. Click “Connect Wallet”
  2. Choose your wallet provider (MetaMask, WalletConnect, etc.)
  3. Approve the connection request

Step 3: Sign In with Ethereum (SIWE)

  1. Shield will ask you to sign a message to verify your identity
  2. Click “Sign” in your wallet
  3. This signature proves you own the wallet without making a transaction
This step doesn’t cost any gas - it’s just a cryptographic signature.

Step 4: View Content

If your wallet address matches the recipient address and the policy is still valid:
  1. Shield’s backend verifies your signature with the smart contract
  2. The decryption key is released to your browser
  3. Your browser downloads the encrypted content from IPFS
  4. The content is decrypted locally in your browser
  5. You can now view or download the file/message
The decryption happens entirely on your device. The server never sees your decrypted content.

Security Best Practices

Always double-check the recipient’s wallet address before creating a policy. Smart contract policies are immutable once created.
For highly sensitive content, use shorter expiration times (1-24 hours). For less sensitive content, longer periods are fine.
Set max verification attempts to 3-5 to protect against brute force attacks or unauthorized access attempts.

What’s Next?

Architecture

Learn how Shield’s trustless architecture works

Smart Contract

Explore the on-chain access control mechanism

API Reference

Integrate Shield into your application

Security

Understand Shield’s security model