code for
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Type Name Latest commit message Commit time
Failed to load latest commit information.

CryptoPaste is project that allows users to:

  • share encrypted text by linking to a website (internet or intranet)
  • generate self decrypting documents (attached to email, thumb drive, etc.)

A minimal amount of the OpenPGP standard (RFC4880) is implemented in javascript so that all enciphering and deciphering happens client side.

CryptoPaste make NO claims about practical security. It only attempts a faithful implementation of OpenPGP standards and algorithms in a convenient form.

What kind of encryption is used? How strong is it?

The default settings of gpg in symmetric mode:

  • block cipher is cast5 with 128-bit key
  • KDF is OpenPGP's iterated and salted s2k with 65536 iterations

I can't comment on the parameters' strength. The reasoning was "If it's good enough for GnuPG, it's good enough CryptoPaste."

What are the sources of the random data?

When encrypting, the client must generate a random salt and a random initializing value for PGP's block chaining scheme. Both of these values come from RandomSource.getRandomValues(). Grep cryptopaste.js for getRandomValues.

On the backend, random values are needed to generate the "adjective adjective animal" name for hosted files. For this I use os.urandom() from python, which is supposed to be suitable for cryptographic use, querying /dev/urandom on the server. Grep for urandom.

How can I verify the claims of the encryption?

Encipher some test data and copy paste the OpenPGP output to a .gpg file. Then you can run gpg with --list-packets or fully try to decrypt it with --decrypt. There is a lot of debugging output shown in the browser's developer console log that you can watch, too.

Does my plaintext go on the network?

No, it happens in your browser. If you choose to create a link on cryptopaste, the ciphertext will be put on the network and stored on the server.

How can I know the plaintext didn't travel on the network?

Some ideas:

  • developer tools "network tab" in Firefox and Chrome
  • network sniffers like tcpdump and wireshark
  • reading the source code to see how it works

Does CryptoPaste log users?

It does not log any ip address to file mapping.

However, it must remember who's visited in the previous 24-hours to prevent an abusive user from uploading inordinate amounts of data. See maintain() in

Currently CryptoPaste is hosted on Dreamhost on a lower tier shared server and I can only configure the logging options made available through their web interface. Site statistics are turned off. Day, Month, and Longterm reports are disabled. The minimum number of logging days is 3, which is the current setting.

Can you recover my data or my password?

No, CryptoPaste never sees either the original data or the password. It only has the result of encryption, the ciphertext.

Can I trust CryptoPaste to protect my data?

No! Google for "javascript encryption criticism" to see many issues raised by those smarter than me in both cryptography and web development.

If some advanced adversary were targetting you, and controlled the path between CryptoPaste and your browser, they could modify the javascript as your browser downloads it and (for example) weaken the parameters or outright send the plaintext somewhere. The use of https should reduce this risk.

Will any other encryption parameters be available in the future?

Yes I plan to add some beefier options for the paranoid. I needed something to get going so went with the GnuPG defaults, and also wanted the service to be easy and simple to use.

How does the self decrypting document work?

It works just like the full CryptoPaste service, except that the stylesheet, javascript files, and ciphertext are inlined into one html file which is stripped of all features except decryption.

What dependencies are there for a client?

There are no libraries like SJCL, openpgpjs, or jquery.

You need a browser that supports non-ancient versions of javascript. I'd guess these are the more modern features that cryptopaste uses:

What dependencies are there for a host? How do I set up my own cryptopaste?

Clone the repo to your webserver.

Then configure the server so that is executable when a client makes a request. Browse to and you should see 'OK'.

Configure index.html to be your 404 handler. This is so that requests to will get dynamically processed (transferred to a request for pastes/AdjAdjAnimal.gpg).

Logs are cleared and expired pastes are deleted everytime is executed. But you can also set up a cron job to execute periodically.

If log24.txt doesn't exist, create it.

You may wish to disable the server's directory listing.

My .htaccess file in the root is:

RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
ErrorDocument 404 /index.html

And the .htaccess file in thepastes directory:

Options -Indexes

Test decryption by browsing to and using passphrase pw.


  • $ thttpd -p 8000 -D -c "*.py"
  • $ gpg -z 0 --output doc.gpg --symmetric doc
  • $ gpg --decrypt doc.gpg
  • $ gpg --output doc --decrypt doc.gpg
  • for httpd ln -s index.html ./errors/err404.html so http://localhost:8000/RedBlueBird will serve index.html
  • if that doesn't work, cp ./index.html ./errors/err404.html