The need for loading the file into memory comes down to WebCrypto's AES-GCM being one-shot: crypto.subtle.encrypt calculates a single auth tag over the entire message and there's no incremental/update() API, so the whole file has to be one contiguous buffer.

The fix is chunked AEAD (per-chunk IV+tag), encrypting/decrypting a chunk at a time. It's on the roadmap, just haven't gotten around to it yet: https://gitlab.com/PavelSafronov/engye#large-file-support-st...

That feature is also a good opportunity to switch to FileSystemWritableFileStream/Blob for writes, which will reduce the memory requirements when writing files to disk.