Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

https://github.com/mohd-akram/plic

Website for sending one-time secret messages securely.

crystal messaging secret website

Last synced: about 2 months ago

README

plic
====

Use plic to send a one-time secret message.

Get started
-----------

    shards install
    crystal run src/plic.cr

Open [localhost:8080](http://localhost:8080).

Security
--------

### Client

WebCrypto is used for all cryptographic operations in the browser. Messages are
encrypted using AES-128-GCM and the authentication tag is used as a unique ID.
When using a password, the secret key is derived using PBKDF2-HMAC-SHA256 with
100000 iterations. No external resources (such as scripts, styles and links)
are used. The webpage is loaded in a single request and is less than 250 lines
long, so it can be easily reviewed.
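
The password case described above, sketched with WebCrypto as an added example (this is not plic's own code). The blob layout (salt, then IV, then ciphertext with the tag appended), the 16-byte salt, the 12-byte IV and the hex encoding of the ID are assumptions; the README does not specify them.

```javascript
// Added illustration, not plic's source. Assumed layout: salt(16) || iv(12) || ciphertext+tag.
const wc = globalThis.crypto ?? require('node:crypto').webcrypto; // fallback for older Node
const enc = new TextEncoder();

// PBKDF2-HMAC-SHA256 with 100000 iterations -> non-extractable AES-128-GCM key.
async function deriveKey(password, salt) {
  const base = await wc.subtle.importKey('raw', enc.encode(password), 'PBKDF2', false, ['deriveKey']);
  return wc.subtle.deriveKey(
    { name: 'PBKDF2', hash: 'SHA-256', salt, iterations: 100000 },
    base, { name: 'AES-GCM', length: 128 }, false, ['encrypt', 'decrypt']);
}

async function seal(password, message) {
  const salt = wc.getRandomValues(new Uint8Array(16));
  const iv = wc.getRandomValues(new Uint8Array(12));
  const key = await deriveKey(password, salt);
  // WebCrypto returns the ciphertext with the 128-bit GCM tag appended.
  const ct = new Uint8Array(await wc.subtle.encrypt({ name: 'AES-GCM', iv }, key, enc.encode(message)));
  const blob = new Uint8Array(28 + ct.length);
  blob.set(salt, 0); blob.set(iv, 16); blob.set(ct, 28);
  return blob;
}

// The ID is the trailing 16-byte tag, so it can be read from the blob without any key.
function messageId(blob) {
  return Array.from(blob.slice(-16), (b) => b.toString(16).padStart(2, '0')).join('');
}

async function unseal(password, blob) {
  const key = await deriveKey(password, blob.slice(0, 16));
  const pt = await wc.subtle.decrypt({ name: 'AES-GCM', iv: blob.slice(16, 28) }, key, blob.slice(28));
  return new TextDecoder().decode(pt);
}

// Constructed sample input: round trip, wrong password, and a flipped ciphertext bit.
async function demo() {
  const blob = await seal('correct horse', 'constructed sample secret');
  const verdict = (p) => p.then(() => 'accepted', () => 'rejected');
  const tampered = blob.slice();
  tampered[28] ^= 1; // first ciphertext byte
  return {
    id: messageId(blob),
    opened: await unseal('correct horse', blob),
    wrongPassword: await verdict(unseal('wrong', blob)),
    tampered: await verdict(unseal('correct horse', tampered)),
  };
}
```

Because the tag authenticates the ciphertext under the derived key, both a wrong password and a modified blob fail decryption rather than yielding garbage plaintext.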

### Server

Strict security headers (including CSP and HSTS) are set on all requests. No
data is stored other than the encrypted blob, the ID (extracted from the blob)
and the creation time (used to delete unopened messages after 30 days). No logs
are kept on the server.