{"id":13422876,"url":"https://github.com/jes/hardbin","last_synced_at":"2026-03-11T15:03:05.607Z","repository":{"id":137662374,"uuid":"91518890","full_name":"jes/hardbin","owner":"jes","description":"Encrypted pastebin using IPFS","archived":false,"fork":false,"pushed_at":"2023-10-25T08:04:22.000Z","size":127,"stargazers_count":257,"open_issues_count":5,"forks_count":32,"subscribers_count":8,"default_branch":"master","last_synced_at":"2026-02-23T09:53:19.358Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/jes.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null}},"created_at":"2017-05-17T01:08:00.000Z","updated_at":"2026-02-18T00:31:30.000Z","dependencies_parsed_at":null,"dependency_job_id":"84de0abd-00bf-4b35-ad86-fd854b0e9465","html_url":"https://github.com/jes/hardbin","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/jes/hardbin","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jes%2Fhardbin","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jes%2Fhardbin/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jes%2Fhardbin/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jes%2Fhardbin/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/jes","download_url":"https://codeload.github.com/jes/hardbin/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jes%2Fhardbin/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29964203,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-01T06:55:38.174Z","status":"ssl_error","status_checked_at":"2026-03-01T06:53:04.810Z","response_time":124,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-07-30T23:00:59.293Z","updated_at":"2026-03-11T15:03:05.590Z","avatar_url":"https://github.com/jes.png","language":"JavaScript","funding_links":[],"categories":["Apps","JavaScript","应用","File Sharing"],"sub_categories":["Security"],"readme":"# hardbin.\n\n\u003e *The world's most secure encrypted pastebin, guaranteed* *\n\nHardbin is an encrypted pastebin, with the decryption key passed\nin the URL fragment, and the code and data served securely with\n[IPFS](https://ipfs.io/). (IPFS is a distributed content-addressable\nstorage system that is web-compatible; it's basically bittorrent for\nthe web).\n\nThe IPFS gateway you use has the same\ncapabilities as an ordinary web server (i.e. it can modify content at\nwill), so you should make sure to use a gateway you trust. Running\na local gateway is the best option. Start with the IPFS [Getting\nStarted](https://docs.ipfs.io/how-to/command-line-quick-start/) guide.\n\nCompared to a traditional encrypted pastebin (e.g.\n[ZeroBin](https://zerobin.net)), when used over a trusted gateway, neither\nthe code nor the data can be modified as the content hashes are\ncryptographically verified by IPFS. This means there is no possibility for a\nserver operator to insert malicious code to exfiltrate the plaintext or\ndecryption key. It's the perfect encrypted pastebin.\n\n(* this is not a guarantee)\n\n## Usage\n\nNote that the security benefits of hardbin only apply when accessing\nit over a local (or otherwise trusted) gateway. If you access it over\na gateway that you do not control, then the security model degrades to\nbe equivalent to that of traditional encrypted pastebins.\n\nThe [github repo](https://github.com/jes/hardbin) should also link\ndirectly to the latest IPFS hash.\n\nIt doesn't matter which IPFS gateway is used to access hardbin, but\nyou won't be able to publish anything unless you use a writable gateway\n(i.e. ```ipfs daemon --writable```).\nBut remember that\nusing a public gateway means you are trusting the public gateway not to\nship malicious code to (for example) exfiltrate the plaintext.\n\nIn general it should either work out-of-the-box or give good instructions\non how to make it work.\n\nThe content will need to be pinned to make sure it stays\naround for long term (the same as any content stored in\nIPFS). [Pinata](https://pinata.cloud/) is a service offering to pin\ncontent for a very, *very* small fee. Failing that, content will stay\naround as long as it is cached on any node (e.g. a public gateway).\n\nIf you want to share a link to hardbin which will automatically\nload this README, append ```#about``` as the fragment.\n\n### Local gateway\n\nA local gateway that you run yourself is the safest way to use hardbin.\n\nFollow the [IPFS Getting\nStarted guide](https://docs.ipfs.io/how-to/command-line-quick-start/), but make sure to run the gateway with ```ipfs daemon\n--writable```, else you won't be able to publish anything.\n\nYou can then install a browser extension such as \u003ca\nhref=\"https://chrome.google.com/webstore/detail/ipfs-companion/nibjojkomfdiaoajekhjakgkdhaomnch\"\u003eIPFS\nCompanion\u003c/a\u003e for Chrome to automatically redirect IPFS paths to your\nlocal gateway.\n\n### Public gateway\n\nAny public gateway will work fine for viewing content, but you won't\nbe able to publish anything on a non-writable gateway. Using a public\ngateway also trusts the public gateway not to insert malicious code to\nexfiltrate content (or do anything else it shouldn't).\n\n### Writable public gateway\n\nA writable public gateway will work fine for viewing and publishing,\nbut you're still trusting the public gateway not to insert malicious code.\n\n## How it works\n\nThe hardbin code is served out of IPFS. The user then inputs\nthe content. When the content is published, a key is generated\nusing the ```crypto.getRandomValues()``` API and the content\nis encrypted in javascript in the browser using AES-256 via\n[Crypto-JS](https://github.com/brix/crypto-js). The new content is then\npushed to the IPFS gateway.\n\nThe decryption key is passed in the URL fragment, and the URL can be\nshared with anybody.\n\nAs long as the IPFS gateway is not compromised, and the user visits a\nknown-good hash in the first place, there is no possibility for anybody\nto modify either the code or the data, because to do so would change\nthe IPFS hash.\n\nSince nobody can modify the code, and nobody can view the key unless you\nshow it to them, nobody without the key can either read the plaintext\nor ship a malicious viewer which would exfiltrate the plaintext (or key).\n\n## Self-hosting\n\nYou can \"self-host\" hardbin as follows:\n\n    git clone https://github.com/jes/hardbin\n    ipfs add -r hardbin/\n\n## Custom modifications\n\nIf you want to use any custom modifications, you can simply make them,\npublish your new code on IPFS with ```ipfs add```, and then it's\navailable and ready to use. It's just as much a first-class citizen as\nthe version in this git repo, and you're equally welcome to access it\nvia a public writable gateway.\n\nOf course, pull requests are always welcome for improvements that might\nbe useful to others.\n\n## Security considerations\n\nYou still need to share the paste URL securely, otherwise a third-party\ncan read it as easily as anybody else can.\n\nYou need to make very sure to use a known-good version of the code when\ncreating pastes, as it would be trivial to create a malicious version\nthat looks identical. The best thing to do is write down the hash the\nfirst time you use it, and always use the same hash. If you want to\nupgrade to a new version of the software, you'll need to update your hash.\n\nIf you don't use a local (or otherwise trusted) IPFS gateway, then\nthe gateway server operator can perform all the same attacks that a\ntraditional encrypted pastebin operator could perform.\n\nI don't recommend using hardbin for highly critical stuff as the code\nhas not been thoroughly audited by anyone but me. If you want to audit\nit please contact me.\n\n## Contact me\n\nHardbin was created by James Stanley. You can email me on\n[james@incoherency.co.uk](mailto:james@incoherency.co.uk), or read my\nblog at [incoherency.co.uk](http://incoherency.co.uk/).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjes%2Fhardbin","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fjes%2Fhardbin","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjes%2Fhardbin/lists"}