GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → AndrewPaglusch → FlashPaper

AndrewPaglusch / FlashPaper

Licence: MIT License
One-time encrypted password/secret sharing

Programming Languages

PHP
23972 projects - #3 most used programming language
shell
77523 projects
Dockerfile
14818 projects

Labels

securityencryptionaessqlitesecretpasswordmessagebcryptwebappone-timeprivateciphertextaes-256disposablezero-knowledgedestructone-time-secretdestructing

Projects that are alternatives of or similar to FlashPaper

Rijndael256
AES cryptographic library for .NET Framework and .NET Core
Stars: ✭ 33 (-61.18%)
Mutual labels:  aes, ciphertext, aes-256
OormiPass
Free open source cross platform password manager
Stars: ✭ 50 (-41.18%)
Mutual labels:  encryption, aes, password
CryptoKnight
CryptoKnight is a general purpose cryptography desktop app
Stars: ✭ 18 (-78.82%)
Mutual labels:  aes, password, bcrypt
crypthash-net
CryptHash.NET is a .NET multi-target library to encrypt/decrypt/hash/encode/decode strings and files, with an optional .NET Core multiplatform console utility.
Stars: ✭ 33 (-61.18%)
Mutual labels:  aes, password, bcrypt
aesCbc
aes-cbc加密解密
Stars: ✭ 68 (-20%)
Mutual labels:  aes, aes-256
bookshelf-secure-password
A Bookshelf.js plugin for handling secure passwords
Stars: ✭ 24 (-71.76%)
Mutual labels:  password, bcrypt
CppSecurity
C++ Security Library
Stars: ✭ 24 (-71.76%)
Mutual labels:  aes, bcrypt
openssl
A functions wrapping of OpenSSL library for symmetric and asymmetric encryption and decryption.
Stars: ✭ 199 (+134.12%)
Mutual labels:  aes, aes-256
archiver-zip-encrypted
Plugin for archiver to create ZIP archives with password using either AES or legacy Zip 2.0 encryption
Stars: ✭ 50 (-41.18%)
Mutual labels:  password, aes-256
ootp
OOTP (Open One-time Password) is a supports multiple programming languages. The generated one-time passwords are fully compliant with HOTP (HMAC-based One-time Password) and TOTP (Time-based One-time Password). 🚀It's easy to use!
Stars: ✭ 17 (-80%)
Mutual labels:  password, one-time
Hemmelig.app
Keep your sensitive information out of chat logs, emails, and more with encrypted secrets.
Stars: ✭ 183 (+115.29%)
Mutual labels:  secret, password
cryptalk
HTML5/Node.js based, client side (E2EE) encrypted instant chat
Stars: ✭ 73 (-14.12%)
Mutual labels:  aes, aes-256
stenc
SCSI Tape Encryption Manager - stenc (formerly on https://sourceforge.net/projects/stenc/)
Stars: ✭ 41 (-51.76%)
Mutual labels:  aes, aes-256
BruteForce
A simple brute forcer written in GO for SHA1, SHA256, SHA512, MD5 and bcrypt
Stars: ✭ 49 (-42.35%)
Mutual labels:  password, bcrypt
bcrypt
BCrypt is a password hashing function
Stars: ✭ 138 (+62.35%)
Mutual labels:  password, bcrypt
secrets
Simple Secret Sharing Service for social and decentralised management of passwords
Stars: ✭ 30 (-64.71%)
Mutual labels:  secret, password
mongoose-pii
A Mongoose plugin that lets you transparently cipher stored PII and use securely-hashed passwords
Stars: ✭ 43 (-49.41%)
Mutual labels:  password, bcrypt
nats
A program to hide file into executable binary.
Stars: ✭ 16 (-81.18%)
Mutual labels:  aes, secret
Sqleet
SQLite3 encryption that sucks less
Stars: ✭ 244 (+187.06%)
Mutual labels:  encryption, sqlite
aes-stream
A fast AES-PRF based secure random-number generator
Stars: ✭ 15 (-82.35%)
Mutual labels:  aes, aes-256
View All Similar Projects ➔

FlashPaper

A one-time encrypted zero-knowledge password/secret sharing application focused on simplicity and security. No database or complicated set-up required.

Demo

https://flashpaper.io

Picture of Main Page

Installation

Docker (Recommended)

  1. Download and extract the latest release of FlashPaper
  2. Edit the docker-compose.yml file with your customizations
  3. Run docker-compose up -d to start FlashPaper
  4. Set up a reverse-proxy in front of FlashPaper that terminates SSL/TLS

Traditional

Requirements: PHP 7.0+ and a web server

  1. Download and extract the latest release of FlashPaper to the document root of your web server
  2. Copy settings.example.php to settings.php and make customizations to that file
  3. Disable access logging in your web server's configuration so nothing sensitive (IP addresses, user agent strings, timestamps, etc) are logged to disk

How It Works

Submitting Secret

  1. <random>--secrets.sqlite sqlite database created (if it doesn't already exist)
  2. <random>--aes-static.key randomized 256-bit AES static key created (if one doesn't exist already)
  3. Random 256-bit AES key created
  4. Random 128-bit IV created
  5. Random 64-bit ID created
  6. ID + AES key hashed with bcrypt
  7. Submitted text encrypted with AES-256-CBC using AES key and random IV
  8. Ciphertext now encrypted with AES-256-CBC using static AES key and random IV
  9. ID and AES key joined (known as k)
  10. Random prune date/time generated using prune->min_days/max_days
  11. ID, IV, bcrypt hash, ciphertext, and prune epoch stored in DB
  12. k value returned to user in one-time URL

Retrieving Secret

  1. k value removed from URL
  2. k value split into two parts: ID and AES key
  3. IV, bcrypt hash, ciphertext looked up in DB with ID from k
  4. k bcrypt hash compared against bcrypt hash from DB (prevents tampering of URL)
  5. Ciphertext decrypted with static AES key and IV
  6. Ciphertext decrypted with AES key from k and IV
  7. Entry deleted from DB
  8. Decrypted text sent to user

Settings

prune:

  • enabled: Turn on/off auto-pruning of old secrets from the database upon page load
  • min_days/max_days: When a secret is submitted, a random date/time is generated between min_days and max_days in the future. After that date/time has elapsed, the secret will be pruned from the database if enabled is set to true. This is to prevent your database from being filled with secrets that are never retrieved. NOTE: Even if enabled is set to false, the prune value will still be generated and stored in the database, but secrets will not be pruned unless enabled is switched to true.

Donations

PayPal: https://paypal.me/AndrewPaglusch

BitCoin: 1EYDa33S14ejuQGMhSjtBUmBHTBB8mbTRs

Donations are not expected, but they are very appreciated!

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].