-
Notifications
You must be signed in to change notification settings - Fork 0
Encryption
Data from your computer to the server is protected through TLS. From there the application runs the text through AES-GCM encryption to make your text unreadable. Then we insert the encrypted data into the database, making sure your data is never stored unencrypted at rest
While we currently don't support end-to-end encryption we're looking at implementing it. What this would entail is using your local computer to encrypt the data then send it to the server where it is then stored in the database. From there we generate a link/url with the key behind a fragment. Due to the nature of fragments, the server never learns about the key. The Following from Wikipedia provides more context:
The fragment identifier functions differently to the rest of the URI: its processing is exclusively client-sided with no participation from the web server, though the server typically helps to determine the MIME type, and the MIME type determines the processing of fragments. When an agent (such as a web browser) requests a web resource from a web server, the agent sends the URI to the server, but does not send the fragment. Instead, the agent waits for the server to send the resource, and then the agent processes the resource according to the document type and fragment value.[2]
Send the URL to the recipient through your preferred means of distribution. After the recipient receives the link, the web client will send the id to the server which will return the encrypted text. With the encrypted text and the key from the URI fragment the web client can decrypt and display the decrypted text.