Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/scarsz/bin
AES 128/256-bit encrypted, GitHub Gists-inspired, anonymous pastebin
https://github.com/scarsz/bin
aes anonymous encryption gist hacktoberfest pastebin self-hosted
Last synced: about 2 months ago
JSON representation
AES 128/256-bit encrypted, GitHub Gists-inspired, anonymous pastebin
- Host: GitHub
- URL: https://github.com/scarsz/bin
- Owner: Scarsz
- Created: 2019-05-06T22:07:08.000Z (over 5 years ago)
- Default Branch: master
- Last Pushed: 2020-11-21T01:20:06.000Z (about 4 years ago)
- Last Synced: 2024-10-11T03:22:10.106Z (3 months ago)
- Topics: aes, anonymous, encryption, gist, hacktoberfest, pastebin, self-hosted
- Language: Java
- Homepage:
- Size: 113 KB
- Stars: 14
- Watchers: 2
- Forks: 6
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
README
# Bin
Bin is an AES 128/256-bit encrypted, GitHub Gists-inspired, anonymous
pastebin. All data on the server is encrypted such that the operators
of the server have no knowledge of what data is stored on it. This
tool was designed to be a replacement for my old debug information
server that [DiscordSRV](https://github.com/DiscordSRV/DiscordSRV)
uses. The problem with the old system was that while I am by no means
a malicious actor, it raises a security concern that I was in
possession of lots of debug information from the plugin and the
servers using it, all in plain text. I don't really like that and
I don't think it's fair to server owners either thus Bin was made.# How it works
When DiscordSRV or any other client uploads to Bin, it uploads the
data after it's already been encrypted. The client just sends the
encrypted data, without the key. It's the client's responsibility
to make sure the encrypted data is able to be decrypted properly
as the server has no way of knowing the contents of anything on it.
When data is uploaded, the server gives back the bin UUID- the view
URL is in the format `https://host/UUID#KEY`.#### Notice how the key is after a `#`.
This is how you're able to have a URL that includes the decryption
key without exposing the key to the server. Browsers don't send
anything after `#` in URLs because that information is only really
used for telling the browser to show a given element on the page.
The cool part about that though is that the browser's JavaScript
engine has access to this data and thus the decryption key. This lets
the browser fetch the encrypted data from the server and decrypt it
itself.# Developers
Bin exposes a few endpoints that're useful if you're making a client.
**Be sure to set a proper user agent.**
```
GET /UUID.(json|xml) -> /api/UUID.(json|xml)
GET /api/UUID.(json|xml) -> /[latest API]/UUID.(json|xml)
GET /v1/UUID.(json|xml) -> JSON or XML dump of the bin dataPOST /post
{
// when generating the 16 or 32-byte key, only use alphanumeric characters
// you can technically use whatever bytes you want in the key but that will restrict the bin to custom clients only
// when encrypting data, it should be in the format "initializationVector[0-15]encryptedData[16...]"
// in other words, the "encrypted data" should be the IV plus the actual encrypted data
// and please- do not use the same IV for every encryption. it should be randomly generated for every encryption."description": base64(aes("optional bin description")),
"expiration": -43200, // optional expiration in minutes; negative number = minutes since creation,
// positive number = minutes since last access
"files": [
{
"name": base64(aes("file-name.txt")),
"content": base64(aes("file content")),
"description": base64(aes("optional file description")),
"type": base64(aes("MIME type- if not defined, view page defaults to application/octet-stream"))
},
...
]
}
```# Contributing
I'm not the best at front end design. If you want to add some visual
improvements to Bin's UI, feel free to make a pull request.