luelista / paste.sh Goto Github PK
View Code? Open in Web Editor NEWThis project forked from dgl/paste.sh
fork of paste.sh encrypted pastebin, with backend rewritten in PHP
Home Page: https://paste.teamwiki.de
This project forked from dgl/paste.sh
fork of paste.sh encrypted pastebin, with backend rewritten in PHP
Home Page: https://paste.teamwiki.de
| | __ \ _` | __| __| _ \ __| __ \ | | ( |\__ \ | __/ \__ \ | | | .__/ \__,_|____/\__|\___|_)____/_| |_| _| What? ===== This is a simple paste site. It doesn't do syntax highlighting, or get in your way. It gives you a textarea and you type in it. However behind the scenes it is encrypting your data. It uses a recently introduced browser feature (crypto.getRandomValues) to do this securely. This does mean you need a modern browser. It seems to work best in Chrome, Firefox also works well. Reading pastes should work in most browsers with JavaScript. However if you didn't guess from the name there is also a shell script "paste.sh"; see https://paste.sh/client or run the following commands to install it: cd ~/bin curl -O https://raw.github.com/dgl/paste.sh/master/paste.sh chmod +x paste.sh Why? ==== OTR works well for keeping chat secure, but sharing larger amounts of text or code over chat is not ideal. I wanted a simple way to share things with a low barrier to entry but that is still relatively[1] secure. I won't claim to be an expert on cryptography but I do think while JavaScript in a browser is not a perfect environment it is not entirely useless (as claimed in [2], although this is now slightly outdated). How? ==== JavaScript running in your browser encrypts your data using AES-256 (via the CryptoJS[3] library). The key is generated on the client side and the server is never able to decrypt the data, this works because the URL fragment (the part of the URL after the '#' symbol) is never sent to the server. Beware that depending on how you share the URL with others the fragment part may be stored by other systems. You can edit the paste for some time after pasting; this uses a session cookie in your browser. (Yes, if you deny cookies this site won't work, sorry[4]). There is a limit of 640K of data once encrypted (should be enough for anybody) per paste, go and use mega[5] if you want a file sharing site. The server side is fairly simple. I wrote it using Perl, using Web::Simple for the HTTP side and Tie::LevelDB for the key/value store with haproxy in front of it all doing the SSL. Where? ====== Here, https://paste.sh Alternatively if you want to see the code or wish to host your own version, the source code is available at https://github.com/dgl/paste.sh under the WTFPL: https://dgl.cx/licence There's also a command line client there; the comments in it are worth reading if you care about the encryption scheme used (being compatible with the OpenSSL command line tool limits the key derivation slightly). Tips ==== The command line client can do public pastes by adding the -p option, these don't use encryption but are useful for sharing where you don't need encryption and the long URL is unwieldy. Simple vim integration: command Paste w | !paste.sh % command PublicPaste w | !paste.sh -p % Who? ==== David Leadbeater (@davidgl; https://dgl.cx/contact) wrote this. If you like this thank me via Flattr (above). Favicon from "Silk" by Mark James: http://www.famfamfam.com/lab/icons/silk/ -- [1]: It's not on the level of e.g. https://crypto.cat/, especially due to having to trust that the server is serving you the right JavaScript. Although: https://blog.crypto.cat/2013/07/new-critical-vulnerability-in-cryptocat-details/ [2]: http://www.matasano.com/articles/javascript-cryptography/ [3]: https://code.google.com/p/crypto-js/ [4]: The command line client will work, you just can't delete or change anything if you use it. [5]: https://mega.co.nz
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.