FlashPaper logo

FlashPaper

  •  0 ratings
In category: Pastebins

About FlashPaper

A one-time encrypted zero-knowledge password/secret sharing application focused on simplicity and security. No database or complicated set-up required.

  •   591  
  •   0  
  •   0  
  •   0  
Github stats:
  •  Commits: N/A  
  •   N/A  
  •   N/A  
  •  Latest commit: N/A  

Deploy this app to Linode with a free $100 credit!

Languages/Platforms/Technologies:
Lincenses:

More about FlashPaper

FlashPaper

A one-time encrypted zero-knowledge password/secret sharing application focused on simplicity and security. No database or complicated set-up required.

Docker

Demo

https://flashpaper.io

Picture of Main Page

Installation

Docker (Recommended)

The latest release of FlashPaper is available at ghcr.io/andrewpaglusch/flashpaper. 1. Download docker-compose.yml from this repo 2. Edit docker-compose.yml with your customizations 3. Run docker-compose up -d to start FlashPaper 4. Set up a reverse-proxy in front of FlashPaper that terminates SSL/TLS

Traditional

Requirements: PHP 7.0+ and a web server 1. Download and extract the latest release of FlashPaper to the document root of your web server 2. Copy settings.example.php to settings.php and make customizations to that file 3. Disable access logging in your web server's configuration so nothing sensitive (IP addresses, user agent strings, timestamps, etc) are logged to disk

How It Works

Submitting Secret

  1. <random>--secrets.sqlite sqlite database created (if it doesn't already exist)
  2. <random>--aes-static.key randomized 256-bit AES static key created (if one doesn't exist already)
  3. Random 256-bit AES key created
  4. Random 128-bit IV created
  5. Random 64-bit ID created
  6. ID + AES key hashed with bcrypt
  7. Submitted text encrypted with AES-256-CBC using AES key and random IV
  8. Ciphertext now encrypted with AES-256-CBC using static AES key and random IV
  9. ID and AES key joined (known as k)
  10. Random prune date/time generated using prune->min_days/max_days
  11. ID, IV, bcrypt hash, ciphertext, and prune epoch stored in DB
  12. k value returned to user in one-time URL

Retrieving Secret

  1. k value removed from URL
  2. k value split into two parts: ID and AES key
  3. IV, bcrypt hash, ciphertext looked up in DB with ID from k
  4. k bcrypt hash compared against bcrypt hash from DB (prevents tampering of URL)
  5. Ciphertext decrypted with static AES key and IV
  6. Ciphertext decrypted with AES key from k and IV
  7. Entry deleted from DB
  8. Decrypted text sent to user

Submitting Secrets via the API (with curl)

FlashPaper can accept secret submissions through a simple API. The retrieval URL will be returned in a JSON object.

Here's what it looks like to submit a secret with curl:

$ curl -s -X POST -d "secret=my secret&json=true" https://flashpaper.io
{"url":"https://flashpaper.io/?k=xxxxxxxxxxxxxxxxxxxxxxxxxxxxx"}

Settings

prune:

  • enabled: Turn on/off auto-pruning of old secrets from the database upon page load
  • min_days/max_days: When a secret is submitted, a random date/time is generated between min_days and max_days in the future. After that date/time has elapsed, the secret will be pruned from the database if enabled is set to true. This is to prevent your database from being filled with secrets that are never retrieved. NOTE: Even if enabled is set to false, the prune value will still be generated and stored in the database, but secrets will not be pruned unless enabled is switched to true.

base_url:

FlashPaper will try to generate the secret retrieval URL based on information provided by the upstream webserver. This process isn't always 100% accurate. If the secret retrieval URL that FlashPaper creates isn't correct for your setup (this usually happens when you're using a reverse proxy upstream), you can manually specify the URL that FlashPaper will use. For example: A base_url of "https://foo.com/flashpaper" will result in retrieval URLs like "https://foo.com/flashpaper/?k=xxxxxxxxxxxxx".

Donations

PayPal: https://paypal.me/AndrewPaglusch

BitCoin: 1EYDa33S14ejuQGMhSjtBUmBHTBB8mbTRs

Donations are not expected, but they are very appreciated!

Comments (0)

Please login to join the discussion on this project.

FlashPaper Reviews (0)

Overall Rating

None

based on 0 ratings

Please login to review this project.

No reviews for this project yet.

↑ back to top

pCloud Lifetime

Popular Projects

FluxBB

in Social Networks and Forums
 33k    0    0    0  

Nextcloud

in File Transfer & Synchronization
 20k    1    1    0  

Libreddit

in Social Networks and Forums
 7k    0    1    0  

Dashboard

in Personal Dashboards
 6k    0    0    0  

Audiobookshelf

in Audio Streaming
 6k    0    1    0  

CasaOS

in Self-hosting Solutions
 5k    0    0    0  

Mediagoblin

in Photo and Video Galleries
 4k    0    0    0  

Most Discussed

Nextcloud

in File Transfer & Synchronization
 20k    1    1    0  

Tube Archivist

in Automation
 3k    0    1    0  

OneDev

in Project Management
 2k    0    0    0  

iodine

in Proxy
 2k    0    0    0  

Alf.io

in Booking and Scheduling
 2k    0    0    0  

sysPass

in Password Managers
 1k    0    0    0  

Misskey

in Social Networks and Forums
 2k    0    0    0  
Linux VPS from $11/yr.
RackNerd VPS for $11.38/mo

Top Rated Projects

Gitea

 1 rating
in Project Management

Bagisto

 1 rating
in E-commerce

LinkAce

 1 rating
in Bookmarks and Link Sharing

Pydio

 1 rating
in File Transfer & Synchronization

Audiobookshelf

 1 rating
in Audio Streaming

Nextcloud

 1 rating
in File Transfer & Synchronization

Seafile

 1 rating
in File Transfer & Synchronization

Categories

You May Also Be Interested In

Stikked logo
Stikked cover

Stikked

Advanced and beautiful pastebin.

pb logo
pb cover

pb

Lightweight pastebin (and url shortener) built using flask.

cryptonote logo
cryptonote cover

cryptonote

Simple open source web application that lets users encrypt …