Skip to content


Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?

Latest commit


Git stats


Failed to load latest commit information.
Latest commit message
Commit time
                                  |               |     
                 __ \   _` |  __| __|  _ \    __| __ \  
                 |   | (   |\__ \ |    __/  \__ \ | | | 
                 .__/ \__,_|____/\__|\___|_)____/_| |_| 


This is a simple paste site. It doesn't do syntax highlighting, or get in your
way. It gives you a textarea and you type in it.

However behind the scenes it is encrypting your data. It uses a recently
introduced browser feature (crypto.getRandomValues) to do this securely.

This does mean you need a modern browser. It seems to work best in Chrome,
Firefox also works well. Reading pastes should work in most browsers with

However if you didn't guess from the name there is also a shell script
""; see or run the following commands to
install it:

  cd ~/bin
  curl -O
  chmod +x


OTR or Signal works well for keeping chat secure, but sharing larger amounts of
text or code over chat is not ideal. I wanted a simple way to share things with
a low barrier to entry but that is still relatively[1] secure.

I won't claim to be an expert on cryptography but I do think while JavaScript in
a browser is not a perfect environment it is not entirely useless (as claimed in
[2], although this is now slightly outdated).


JavaScript running in your browser encrypts your data using AES-256 (via the
CryptoJS[3] library). The key is generated on the client side and the server is
never able to decrypt the data, this works because the URL fragment (the part of
the URL after the '#' symbol) is never sent to the server.

Beware that depending on how you share the URL with others the fragment part may
be stored by other systems.

You can edit the paste for some time after pasting; this uses a session cookie
in your browser. (Yes, if you deny cookies this site won't work, sorry[4]).

There is a limit of 640K of data once encrypted (should be enough for anybody)
per paste, go and use mega[5] if you want a file sharing site.

The server side is fairly simple. I wrote it using Perl, using Web::Simple for
the HTTP side and Tie::LevelDB for the key/value store with haproxy in front of
it all doing the SSL.



Alternatively if you want to see the code or wish to host your own version, the
source code is available at under the WTFPL:

There's also a command line client there; the comments in it are worth reading
if you care about the encryption scheme used (being compatible with the OpenSSL
command line tool limits the key derivation slightly).


The command line client can do public pastes by adding the -p option, these
don't use encryption but are useful for sharing where you don't need encryption
and the long URL is unwieldy.

Simple vim integration:

  command Paste w | ! %
  command PublicPaste w | ! -p %


David Leadbeater (@davidgl; wrote this.

Favicon from "Silk" by Mark James:

[1]: You have to trust that the server is serving you the right JavaScript.
[4]: The command line client will work, you just can't delete or change anything
     if you use it.