Skip to content

Sodium-Hydrogen/Private-Notes

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

11 Commits
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

This is still in development

Self-Destructing End-to-End Encrypted Note Sharing

This is a Javascript / PHP e2e encrypted note sharing service that encodes nessesary information about the note into a single easy to share URL. Since this note uses URL hashes the information to decrypt the note is never sent to the server. All encryption and sensitive information remains in the browser and the encrypted note without the decryption key sent to the server.

For ease of setup it plug and plays with my framework so all setting can be configured via the framework's interface.

Optionally if you don't want to setup this in standalone mode you can set $framework_path to an empty string and it will read from the config variables at the top of the php file.

About

For the client side javascript libraries this uses:

  • lz-string v1.4.4
    • This is for compressing the message
  • crypto-js v4.0.0
    • This does all the encrypting and decrypting
  • qrcodejs
    • This generates a QR code for easy URL sharing

For installation this downloads and uses vetted versions and will only run them if the hash of the file matches the provided javascript hash. They are currently:

File SHA-256 Hash
qrcodejs/qrcode.js Puct6facZo+VZzY6k1jflVlguukADZ69ZkFGcPiOhzU=
lz-string/libs/lz-string.js VKnqrEjU/F8ZC4hVDG+ULG96+VduFx/l3iTBag26gsM=
crypto-js/crypto-js.js u605MhHOcevkqVw8DJ2q3X7kZTVTVXot4PjxIucLiMM=
secrets/script.js NxmF615nq4cn2rDeC/G+a9iblJsOvLOrrgcM5Nseoa0=
secrets/style.css 8oSW4QhPKEbdBAh8SLtqvRj+hYn2nkqL69mRDjTXEJU=

If you find any security holes please open an issue or pull request detailing the hole so it can get patched.