Evertime I have to share secrets, notes with other parties which are not in my company, I have to think about how to do it. Secret stores are sometimes not feasable or simple to use. I dont trust some shady sites were you can exaktly do that.
So I though how would I do it? I liked the idea of client side encrpytion and using the backend as “dump” datastore which will and cannot interfer into the whole prozess of encryption. I was exited to dive into the world of encrpytion.
This is a two week project. So the feature set is small but I think it is all you need if you want to share some stuff fast and easy.
- client side encryption
- message and payload (for files)
- self destruction after time
email notification on read/destruction
- share with url only (link only)
- share with two factor (passphrase and link)
The backend does not much. It stores the encrypted message in an redis instance until it is retrieved again. It is writen in Express.js.
The self destruction of the message is implemented trough the TTL feature of redis.
Most of the work happens here. It’s a small vue 3 project, which is utilising the Web Crypto Api of modern browsers to do the encryption/decryption on the frontend.
More advanced description will follow… you can track the progress on Github.