{"id":16949287,"url":"https://github.com/fmeum/polysafe","last_synced_at":"2025-03-22T13:31:15.508Z","repository":{"id":109347465,"uuid":"162027009","full_name":"fmeum/polysafe","owner":"fmeum","description":"Embed any file into an encrypted, self-decrypting HTML file","archived":false,"fork":false,"pushed_at":"2023-05-03T17:23:59.000Z","size":44,"stargazers_count":40,"open_issues_count":0,"forks_count":5,"subscribers_count":3,"default_branch":"master","last_synced_at":"2025-03-20T22:15:16.895Z","etag":null,"topics":["encryption","html","javascript","webcrypto"],"latest_commit_sha":null,"homepage":"","language":"HTML","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/fmeum.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2018-12-16T18:00:55.000Z","updated_at":"2025-02-19T19:56:17.000Z","dependencies_parsed_at":"2024-10-28T13:19:58.177Z","dependency_job_id":"ca8d7e95-1330-4d39-8bec-5f9f406e7710","html_url":"https://github.com/fmeum/polysafe","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fmeum%2Fpolysafe","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fmeum%2Fpolysafe/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fmeum%2Fpolysafe/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fmeum%2Fpolysafe/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/fmeum","download_url":"https://codeload.github.com/fmeum/polysafe/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":244962798,"owners_count":20539226,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["encryption","html","javascript","webcrypto"],"created_at":"2024-10-13T21:53:46.850Z","updated_at":"2025-03-22T13:31:15.480Z","avatar_url":"https://github.com/fmeum.png","language":"HTML","funding_links":[],"categories":[],"sub_categories":[],"readme":"# PolySafe\n\nEmbed any file into an encrypted, self-decrypting HTML file.\n\n## Features\n\n* Encryption and decryption happen locally in the browser\n* Encrypts arbitrary files (and their filename)\n* Decryptor supports almost all browsers released 2015 or later\n\n## Usage\n\n### Encryption\n\n1. Open a local or hosted copy of `polysafe.html` in your browser.\n2. Select a file, enter a long and complex password and click `Encrypt`.\n3. Store the encrypted, self-decrypting HTML file that will be downloaded.\n4. (Optional) Rename the HTML file if you want to keep the filename secret.\n\n### Decryption\n\n1. Open the generated HTML file in your browser.\n2. Enter the password and click `Decrypt`.\n3. The original file with its original filename will be downloaded.\n\n## Browser support\n\n### Decryptor\n\n* Firefox 34+ (Dec 2014)\n* Chrome 38+, tested: 46+ (Oct 2015)\n* Opera 29+ (Apr 2015)\n* Safari 10.1+ untested and Desktop-only\n\n### Encryptor\n\n* Any recent version of Firefox, Chrome, Opera or (Desktop) Safari\n\n## Security considerations\n\nPolySafe relies on the following algorithms offered natively by the WebCrypto API and running directly in the browser:\n\n* Authenticated encryption: AES-GCM (128 bits with a cryptographically random IV)\n* Key derivation: PBKDF2 (200,000 rounds with a cryptographically random salt)\n\nCombined with a high-entropy password, this algorithmic setup should be reasonably secure for most users and their data. However, not just because of the possibility of bugs and structural weaknesses in the implementation, **there can be no guarantee whatsoever for the confidentiality of the processed data**.\n\nNote that PBKDF2 does **not** offer the same level of resistance against GPU- and ASIC-based attacks as more recent algorithms such as scrypt or Argon2. These algorithms are not supported by the WebCrypto API and would thus have made the implementation both more complex and much less efficient. Since \"Never trust a random guy on GitHub\" should come well before \"Protect against dedicated adversaries with GPU clusters\" in anyone's threat model, not supporting better key derivation algorithms is a trade-off I am willing to make.\n\nShould the self-decrypting HTML file have passed outside of your control between creating it and decrypting it again (e.g. you sent it to yourself by email or uploaded it somewhere on the web), then you may want to verify that the file has not been tampered with. For example the file could have been modified in such a way that the password will be leaked.\n\n## License\n\nMIT\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffmeum%2Fpolysafe","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ffmeum%2Fpolysafe","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffmeum%2Fpolysafe/lists"}