MIUI Decrypt illustration: visualizing the moment an LSA viewer unlocks the encrypted container and exposes the photo inside.
You received or exported an .lsa file and double-clicked it — and nothing happened. Windows Photo Viewer, Apple Photos, Google Photos, and every other standard image app refused to open it. That is not a bug on your side. An .lsa file is not a plain image. It is an encrypted container created by Xiaomi's MIUI Gallery Secret Album feature, and opening it requires a purpose-built LSA viewer that understands the encryption layers inside.
This guide explains exactly what an .lsa file contains, why regular viewers reject it, and how to view the photos inside using LSA Decrypt — no Xiaomi device or MIUI installation required.
What is an .lsa file?
LSA stands for Local Storage Archive. Xiaomi's MIUI Gallery introduced the Secret Album feature to store private photos in an encrypted vault on the device. When you export or extract files from that vault — either manually, via ADB, or by locating them in the MIUI/Gallery/cloud/secretAlbum/ directory — each photo is wrapped in an.lsa container file.
Internally, an .lsa file is a ZIP-like archive with two key components: an encrypted binary payload (.bin) and a JSON metadata block (.meta). The payload holds the raw image bytes locked behind AES-256-GCM. The metadata block stores the salt, initialization vector (IV), key version identifier, original filename, MIME type, and an HMAC-SHA256 integrity signature. Without the metadata block a viewer cannot even begin the decryption — and without the correct AES key it cannot complete it.
Because the encryption key is derived from device-specific secure storage tied to your MIUI account, the file looks like random bytes to any app that does not understand the MIUI key derivation path. Our detailed .lsa format guide breaks down every field in the container if you want the technical deep-dive.
Why standard photo viewers can't open .lsa files
Photo viewers — from the built-in Windows Photos app to professional tools like Lightroom — identify file types by reading the first few bytes of the file, known as the magic number. JPEG files start with FF D8 FF; PNG files start with 89 50 4E 47. An .lsa container does not start with any of these magic numbers because the first bytes belong to the ZIP-style container header, not a raw image.
Even if a viewer tried to treat the file as a ZIP archive and extract the.bin payload, it would still see random-looking encrypted bytes. AES-256-GCM produces ciphertext with no visible structure. There is no pixel data to render, no EXIF header to parse, and no color profile to detect until decryption is complete.
Renaming the file from photo.lsa to photo.jpg does not help either — the bytes inside are still encrypted regardless of the extension. The same logic applies to LSAV files used for videos; read more in our Secret Album encryption explainer.
A genuine LSA file viewer must:
- Parse the ZIP-like container and locate the
.meta and .bin entries. - Read the JSON metadata to extract the salt, IV, and key ID.
- Reconstruct the MIUI key derivation path using the salt and key ID.
- Verify the HMAC-SHA256 integrity signature before attempting decryption.
- Run AES-256-GCM decryption on the payload.
- Decode the resulting bytes into a viewable image format (JPEG, HEIC, PNG).
LSA Decrypt handles all six steps automatically once you upload the file.
How to view photos inside an .lsa file
The steps below walk you through the complete process from upload to viewable image. There is no software to install and no Xiaomi account login required.
- Confirm the file is a genuine MIUI Secret Album export. Check that the extension is exactly
.lsa and that the file is at least a few kilobytes in size. Files under 1 KB are likely placeholder or index files rather than photo containers. - Visit the decrypt page. Go to lsadecrypt.online/en/decrypt and drag the
.lsa file into the upload zone. You can also click "Select file" and browse to the file on your computer. If you have multiple files, ZIP them together first — the service processes each contained .lsa file in sequence. - Let metadata validation run. The service reads the container header, checks the HMAC signature, and confirms the key ID format matches a known MIUI version. This typically completes in a few seconds. The real-time status stream shows each validation step so you can follow along.
- Preview the photo. Once decryption finishes, a preview panel loads. You can zoom in and verify the image is what you expected before committing to a download.
- Download the result. Click the download icon to save the photo as a standard image file. The download link stays active for 24 hours; after that the server removes the temporary files automatically.
If the file fails validation, see our MIUI Gallery troubleshooting guide for common error codes and what they mean.
Open .lsa files on Windows, Mac, or Linux
Because LSA Decrypt runs entirely in the browser, the operating system does not matter. The same upload-and-decrypt flow works identically on:
- Windows 10 / 11 — use Chrome, Edge, or Firefox. Connect your Xiaomi phone with a USB cable in File Transfer (MTP) mode, browse to
Internal Storage > MIUI > Gallery > cloud > secretAlbum, and copy the .lsa files to your desktop before uploading. - macOS — use Safari or Chrome. You may need Android File Transfer or OpenMTP to browse the phone's storage over USB. Alternatively, copy the files to Google Drive or Dropbox from the phone and download them to your Mac.
- Linux — MTP support is built into most desktop environments via gvfs-mtp. Mount the device, copy the files, and upload from any Chromium-based browser.
- Mobile browser (Android / iOS) — the upload zone works on mobile, though the file picker on iOS may not show files from Android apps. It is easier to copy the
.lsa files to a computer first.
If your phone will not boot and you cannot reach the files normally, our guide on recovering Secret Album files from a non-booting Xiaomi covers ADB, TWRP, and EDL extraction methods.
After viewing: keep your photos accessible
Decrypting an .lsa file produces a standard JPEG or HEIC that any photo app can open without further intervention. At that point the Secret Album protections are gone, so treat the output file the same way you would any sensitive photo.
A few practical tips for staying organized:
- Rename the output file immediately. LSA Decrypt restores the original filename MIUI stored in the metadata, but that name may be a long UUID. Rename it to something meaningful as soon as you download.
- Back up to an encrypted cloud service. Now that the file is decrypted, it no longer has MIUI's encryption protecting it. Use a cloud storage provider that offers client-side encryption, or store a local copy on an encrypted drive.
- Re-import to Secret Album if you still want privacy. If your device is working again and you only decrypted to view or verify the file, you can drag the decrypted JPEG back into MIUI Gallery's Secret Album. MIUI will re-encrypt it automatically.
- Delete the temporary download after archiving. The 24-hour download link on our service expires automatically, but make sure to also remove the copy from your Downloads folder once you have safely archived it.
For more on securing your photos after recovery, see the Xiaomi privacy and security guide.
MIUI Decrypt Support publishes practical guidance for MIUI Secret Album recovery, Xiaomi privacy, and .lsa/.lsav troubleshooting so users can make informed decisions before they upload.
Every blog article is designed to match the product experience: clear explanations, realistic recovery expectations, and a direct path back to the decrypt workflow.
