{"id":26372748,"url":"https://github.com/vsliouniaev/go-pass-cache","last_synced_at":"2026-02-02T13:19:16.368Z","repository":{"id":56868288,"uuid":"182152100","full_name":"vsliouniaev/go-pass-cache","owner":"vsliouniaev","description":"Better than sending passwords directly through your instant messaging client!","archived":false,"fork":false,"pushed_at":"2024-04-22T10:24:12.000Z","size":1966,"stargazers_count":3,"open_issues_count":1,"forks_count":0,"subscribers_count":1,"default_branch":"master","last_synced_at":"2024-04-22T11:36:23.408Z","etag":null,"topics":["password","password-manager","password-store","security","security-tool","small-business","small-tools","web","website"],"latest_commit_sha":null,"homepage":"https://passcache.net","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/vsliouniaev.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null}},"created_at":"2019-04-18T20:20:12.000Z","updated_at":"2024-04-22T11:36:30.209Z","dependencies_parsed_at":"2024-03-16T19:19:36.966Z","dependency_job_id":"781ca5eb-1994-41a8-b71a-90238d9a2202","html_url":"https://github.com/vsliouniaev/go-pass-cache","commit_stats":{"total_commits":24,"total_committers":2,"mean_commits":12.0,"dds":"0.29166666666666663","last_synced_commit":"64de18a27b80fa3df22fb392dcd9432e1f68b6fe"},"previous_names":[],"tags_count":19,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/vsliouniaev%2Fgo-pass-cache","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/vsliouniaev%2Fgo-pass-cache/tags","releases_url":
"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/vsliouniaev%2Fgo-pass-cache/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/vsliouniaev%2Fgo-pass-cache/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/vsliouniaev","download_url":"https://codeload.github.com/vsliouniaev/go-pass-cache/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":243955778,"owners_count":20374373,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["password","password-manager","password-store","security","security-tool","small-business","small-tools","web","website"],"created_at":"2025-03-17T01:19:06.941Z","updated_at":"2026-02-02T13:19:11.323Z","avatar_url":"https://github.com/vsliouniaev.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"[![Go Report Card](https://goreportcard.com/badge/github.com/vsliouniaev/go-pass-cache)](https://goreportcard.com/report/github.com/vsliouniaev/go-pass-cache)\n[![GitHub release (latest SemVer)](https://img.shields.io/github/v/release/vsliouniaev/go-pass-cache?sort=semver)](https://github.com/vsliouniaev/go-pass-cache/releases/latest)\n[![Docker Pulls](https://img.shields.io/docker/pulls/vsliouniaev/pass-cache?color=blue)](https://hub.docker.com/r/vsliouniaev/pass-cache/tags)\n\n_Better than sending passwords directly through your instant messaging client!_\n\n## Motivation\n\nSecurity is a compromise between convenience and safety. 
Sending passwords over\ninstant-messaging applications (Slack, Skype, Teams, etc.) is endemic, particularly in\nsmaller companies, where security tooling tends to rank lower.\n\nUsing multiple separate channels to send data improves security - for example, sending an encrypted email with the decryption key sent through SMS. In recent years this has started to become more common.\n\n## Approach\n\n### Features\n* Allow at-most-once access to the data I want to share:\n  * Data is erased immediately as it is accessed.\n* Limit the time the data is accessible for:\n  * Data is inaccessible after 5m.\n* Don't trust the server\n  * Server has no knowledge of encryption keys: all data is encrypted and decrypted in the end-user's browser using [libsodium](https://github.com/tonyg/js-nacl)\n  * Key is carried in a URL fragment, so it is never sent to the server.\n* Send the data through multiple routes:\n  * Only encrypted data is stored on the server at a random URL\n  * URL and password are sent to the target user through an instant-messaging client\n* Fast end-user experience\n  * Perform encryption, generate the URL and copy it with `Shift + Return` or one button tap\n  * Pasting the URL automatically fetches, decrypts and displays the data\n  * Everything works from one URL\n\n### How it works\n#### Sender\n1. The user visits the website (passcache.net), and types in the password they want to share with another user.\n2. The browser auto-generates an **Id** and symmetric encryption **Key** directly in the browser on the user's computer. The encryption **Key** never leaves the user's computer.\n3. The user-provided data is encrypted using the encryption **Key** and sent to the website's server under the generated **Id**.\n4. A URL is constructed locally in the browser using the **Id** and appended with the **Key** as a _[fragment](https://en.wikipedia.org/wiki/URI_fragment)_. For example, in https://passcache.net?97e82ccc#912e the Id is `97e82ccc` and the Key is `912e`.\n5. 
The user sends the full URL through their instant-messaging application.\n\n#### Receiver\n\n1. The receiver pastes the URL into their address bar.\n2. The browser sends everything before the _fragment_ to the server, which looks up the encrypted data using the **Id**, deletes it from memory, and sends it back to the browser. The _fragment_ portion of the URL, which is the **Key** necessary for decryption, is not sent to the back-end server.\n3. The browser decrypts the encrypted data using the **Key** from the _fragment_ and shows it to the user.\n\n\n#### Diagram\n\n\n```\n=== SENDER ===\n                                                 ┌─────────────┐\n                                                 │passcache.net│\n                                                 │             │\n                                                 │             │\n                                                 │  ▲    ▲     │\n                                                 │  │    │     │\n                         ┌───────────────────┐   └──┼────┼─────┘\n                         │ Browser           │      │    │\n                         │                   │      │    │\n                         │ ┌───────────────┐ │      │    │\n                         │ │Id  (Generated)├─┼──────┘    │\n                         │ └───────────────┘ │           │\n                         │                   │    ┌──────┴──┐\n         ┌────────┐      │ ┌───────────────┐ │    │Encrypted│\n         │Password├──────┤►│Key (Generated)├─┼───►│Password │\n         └────────┘      │ └───────────────┘ │    └─────────┘\n                         │                   │\n                         └───────────────────┘\n\n\n\n          https://passcache.net/get?Id(generated)#Key(generated)\n\n\n=== RECEIVER ===\n\n┌───────────────┐\n│ passcache.net │\n│               │\n│    ┌───────┐  │\n│    │       │  │          ┌─────────────────────┐\n└────┼───────┼──┘          │  Browser            │\n     │       │   
          │                     │\n     │       │             │  ┌──────────────┐   │\n     │       └─────────────┼─ │Id  (From URL)│   │\n     │                     │  └──────────────┘   │\n     ▼                     │                     │\n ┌─────────┐               │  ┌──────────────┐   │   ┌────────┐\n │Encrypted├───────────────┼─►│Key (From URL)├───┼──►│Password│\n │Password │               │  └──────────────┘   │   └────────┘\n └─────────┘               │                     │\n                           └─────────────────────┘\n```\n\n\n## Notes\n\n* First version written in July 2013 in C#, and pre-dates [Firefox send](https://support.mozilla.org/en-US/kb/send-files-anyone-securely-firefox-send) by a few years.\n* Original codebase is at https://github.com/vsliouniaev/pass-cache.\n* Thanks to @eoincampbell for suggesting the URL fragment trick.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fvsliouniaev%2Fgo-pass-cache","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fvsliouniaev%2Fgo-pass-cache","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fvsliouniaev%2Fgo-pass-cache/lists"}