{"id":13495176,"url":"https://github.com/AndrewPaglusch/FlashPaper","last_synced_at":"2025-03-28T16:31:42.679Z","repository":{"id":20828901,"uuid":"91034989","full_name":"AndrewPaglusch/FlashPaper","owner":"AndrewPaglusch","description":"One-time encrypted password/secret sharing","archived":false,"fork":false,"pushed_at":"2024-07-22T23:29:26.000Z","size":628,"stargazers_count":362,"open_issues_count":9,"forks_count":58,"subscribers_count":5,"default_branch":"master","last_synced_at":"2024-08-01T19:54:14.687Z","etag":null,"topics":["aes","aes-256","bcrypt","ciphertext","destruct","destructing","disposable","encryption","message","one-time","one-time-secret","password","php","private","secret","security","sqlite","webapp","zero-knowledge"],"latest_commit_sha":null,"homepage":"","language":"PHP","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/AndrewPaglusch.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2017-05-12T00:33:45.000Z","updated_at":"2024-08-01T11:20:28.000Z","dependencies_parsed_at":"2024-03-02T05:24:28.897Z","dependency_job_id":"b1600caa-75b8-4f7e-933b-5cd7496bd6c8","html_url":"https://github.com/AndrewPaglusch/FlashPaper","commit_stats":null,"previous_names":[],"tags_count":14,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/AndrewPaglusch%2FFlashPaper","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/AndrewPaglusch%2FFlashPaper/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/AndrewPaglus
ch%2FFlashPaper/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/AndrewPaglusch%2FFlashPaper/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/AndrewPaglusch","download_url":"https://codeload.github.com/AndrewPaglusch/FlashPaper/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":222395727,"owners_count":16977613,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aes","aes-256","bcrypt","ciphertext","destruct","destructing","disposable","encryption","message","one-time","one-time-secret","password","php","private","secret","security","sqlite","webapp","zero-knowledge"],"created_at":"2024-07-31T19:01:32.043Z","updated_at":"2024-10-31T10:30:37.347Z","avatar_url":"https://github.com/AndrewPaglusch.png","language":"PHP","readme":"# FlashPaper\nA one-time encrypted zero-knowledge password/secret sharing application focused on simplicity and security. No database or complicated set-up required.\n\n[![Docker](https://github.com/AndrewPaglusch/FlashPaper/actions/workflows/docker_publish.yml/badge.svg)](https://github.com/AndrewPaglusch/FlashPaper/actions/workflows/docker_publish.yml)\n\n## Demo\n\nhttps://flashpaper.io\n\n![Picture of Main Page](https://i.imgur.com/KIs9fjE.png)\n\n## Installation\n\n### Docker *(Recommended)*\n  The latest release of FlashPaper is available at [`ghcr.io/andrewpaglusch/flashpaper`](https://ghcr.io/andrewpaglusch/flashpaper).\n  1. 
Download [docker-compose.yml](https://raw.githubusercontent.com/AndrewPaglusch/FlashPaper/master/docker-compose.yml) from this repo\n  2. Edit `docker-compose.yml` with your customizations\n  3. Run `docker-compose up -d` to start FlashPaper\n  4. Set up a reverse-proxy in front of FlashPaper that terminates SSL/TLS\n\n#### Building an Image\n  You can build your own image using the provided Dockerfile in the `docker/` folder.\n\n  In order to build FlashPaper, run `docker build . -t flashpaper -f docker/Dockerfile`. If you would like to build FlashPaper for a different CPU architecture, replace `docker/Dockerfile` with the appropriate Dockerfile.\n  You can also build via docker-compose by replacing the `image:` line in [docker-compose.yml](https://github.com/AndrewPaglusch/FlashPaper/blob/master/docker-compose.yml) with the following (make sure to choose the Dockerfile for your architecture):\n  \n  ```\n  build:\n      context: .\n      dockerfile: docker/Dockerfile\n  ```\n\n### Traditional\n  **Requirements:** PHP 7.0+ and a web server\n  1. Download and extract the [latest release](https://github.com/AndrewPaglusch/FlashPaper/releases/latest) of FlashPaper to the document root of your web server\n  2. Copy `settings.example.php` to `settings.php` and make customizations to that file\n  3. Disable access logging in your web server's configuration so nothing sensitive (IP addresses, user agent strings, timestamps, etc.) is logged to disk\n\n## How It Works\n### Submitting Secret\n  1. `\u003crandom\u003e--secrets.sqlite` sqlite database created (if it doesn't already exist)\n  2. `\u003crandom\u003e--aes-static.key` randomized 256-bit AES static key created (if one doesn't exist already)\n  3. Random 256-bit AES key created\n  4. Random 128-bit IV created\n  5. Random 64-bit ID created\n  6. ID + AES key hashed with bcrypt \n  7. Submitted text encrypted with AES-256-CBC using AES key and random IV\n  8. 
Ciphertext now encrypted with AES-256-CBC using static AES key and random IV\n  9. ID and AES key joined (known as `k`)\n  10. Random prune date/time generated using `prune`-\u003e`min_days`/`max_days`\n  11. ID, IV, bcrypt hash, ciphertext, and prune epoch stored in DB\n  12. `k` value returned to user in one-time URL\n\n### Retrieving Secret\n  1. `k` value removed from URL\n  2. `k` value split into two parts: ID and AES key\n  3. IV, bcrypt hash, ciphertext looked up in DB with ID from `k`\n  4. `k` bcrypt hash compared against bcrypt hash from DB (prevents tampering of URL)\n  5. Ciphertext decrypted with static AES key and IV\n  6. Ciphertext decrypted with AES key from `k` and IV\n  7. Entry deleted from DB\n  8. Decrypted text sent to user\n\n## Submitting Secrets via the API (with `curl`)\n\nFlashPaper can accept secret submissions through a simple API. The retrieval URL will be returned in a JSON object. \n\nHere's what it looks like to submit a secret with `curl`:\n```\n$ curl -s -X POST -d \"secret=my secret\u0026json=true\" https://flashpaper.io\n{\"url\":\"https://flashpaper.io/?k=xxxxxxxxxxxxxxxxxxxxxxxxxxxxx\"}\n```\n\n## Settings\n\n### `prune`:\n - `enabled`: Turn on/off auto-pruning of old secrets from the database upon page load\n - `min_days`/`max_days`: When a secret is submitted, a random date/time is generated between `min_days` and `max_days` in the future. After that date/time has elapsed, the secret will be pruned from the database if `enabled` is set to `true`. This is to prevent your database from being filled with secrets that are never retrieved. NOTE: Even if `enabled` is set to `false`, the prune value will still be generated and stored in the database, but secrets will not be pruned unless `enabled` is switched to `true`.\n\n### `base_url`:\nFlashPaper will try to generate the secret retrieval URL based on information provided by the upstream webserver. This process isn't always 100% accurate. 
If the secret retrieval URL that FlashPaper creates isn't correct for your setup (this usually happens when you're using a reverse proxy upstream), you can manually specify the URL that FlashPaper will use. For example: A `base_url` of \"https://foo.com/flashpaper\" will result in retrieval URLs like \"https://foo.com/flashpaper/?k=xxxxxxxxxxxxx\".\n\n### `display_logo`:\n - `true`: The logo set in `site_logo` (either a file path or a URL) will be displayed at the top of the page. If `site_logo` isn't set, the default FlashPaper logo at `img/logo.png` will be displayed\n - `false`: No logo will be displayed on your FlashPaper instance\n\n### `display_title`:\n - `true`: The setting `site_title` will be displayed at the top of the page. If `display_logo` is enabled, the text will appear to the right of the logo. \n - `false`: The setting `site_title` will not be displayed.\n\n## Donations\n\nPayPal: https://paypal.me/AndrewPaglusch\n\nBitCoin: 1EYDa33S14ejuQGMhSjtBUmBHTBB8mbTRs\n\nDonations are not expected, but they are very appreciated!\n","funding_links":["https://paypal.me/AndrewPaglusch"],"categories":["PHP","Install from Source","Software"],"sub_categories":["Pastebins"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FAndrewPaglusch%2FFlashPaper","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FAndrewPaglusch%2FFlashPaper","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FAndrewPaglusch%2FFlashPaper/lists"}