Website for sending one-time secret messages securely.

mohd-akram/plic

plic

Use plic to send a one-time secret message.

Get started

shards install
crystal run src/plic.cr

Open localhost:8080.

Security

Client

WebCrypto is used for all cryptographic operations in the browser. Messages are encrypted using AES-128-GCM and the authentication tag is used as a unique ID. When using a password, the secret key is derived using PBKDF2-HMAC-SHA256 with 100000 iterations. No external resources (such as scripts, styles and links) are used. The webpage is loaded in a single request and is less than 250 lines long, so it can be easily reviewed.
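
The scheme described above, sketched with WebCrypto as an added example (this is not plic's own source): it derives the key from a password, encrypts with AES-128-GCM, and reads the ID from the trailing authentication tag. The `iv || ciphertext || tag` blob layout, the random 16-byte salt, and the names `deriveKey`, `seal`, `unseal` and `idOf` are assumptions made for illustration.

```javascript
// Added illustration, not plic's source. Assumed: blob = iv || ciphertext || tag,
// and a random 16-byte PBKDF2 salt carried alongside the blob.
const wc = globalThis.crypto ?? require("node:crypto").webcrypto;
const enc = new TextEncoder(), dec = new TextDecoder();
const hex = (u8) => Array.from(u8, (b) => b.toString(16).padStart(2, "0")).join("");

// PBKDF2-HMAC-SHA256 with 100000 iterations -> non-extractable 128-bit AES-GCM key.
async function deriveKey(password, salt) {
  const base = await wc.subtle.importKey(
    "raw", enc.encode(password), "PBKDF2", false, ["deriveKey"]);
  return wc.subtle.deriveKey(
    { name: "PBKDF2", hash: "SHA-256", salt, iterations: 100000 },
    base, { name: "AES-GCM", length: 128 }, false, ["encrypt", "decrypt"]);
}

// WebCrypto appends the 16-byte GCM tag to the ciphertext, so the ID is the
// last 16 bytes of the blob and can be extracted without knowing the key.
const idOf = (blob) => hex(blob.slice(-16));

async function seal(message, password) {
  const salt = wc.getRandomValues(new Uint8Array(16));
  const iv = wc.getRandomValues(new Uint8Array(12)); // fresh 96-bit nonce per message
  const key = await deriveKey(password, salt);
  const ct = new Uint8Array(await wc.subtle.encrypt(
    { name: "AES-GCM", iv, tagLength: 128 }, key, enc.encode(message)));
  const blob = new Uint8Array(iv.length + ct.length);
  blob.set(iv);
  blob.set(ct, iv.length);
  return { blob, salt, id: idOf(blob) };
}

// Rejects with an OperationError if the password is wrong or any byte of the
// blob (IV, ciphertext or tag) was modified.
async function unseal(blob, password, salt) {
  const key = await deriveKey(password, salt);
  const pt = await wc.subtle.decrypt(
    { name: "AES-GCM", iv: blob.slice(0, 12), tagLength: 128 }, key, blob.slice(12));
  return dec.decode(pt);
}
```

Because the tag depends on the key, nonce and ciphertext, two encryptions of the same message yield different IDs, and a blob whose tag no longer matches its stored ID cannot decrypt.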

Server

Strict security headers (including CSP and HSTS) are set on all requests. No data is stored other than the encrypted blob, the ID (extracted from the blob) and the creation time (used to delete unopened messages after 30 days). No logs are kept on the server.