A minimalistic service providing a secure file and text share between two parties. This is a small personal project to help me securely overcome corporate information silos, where desperate people would otherwise send sensitive information via chat or mail.
- Elliptic-curve Diffie–Hellman (ECDH) as key agreement protocol.
- Data is encrypted symmetrically with AES-GCM (256 bit).
- No "roll your own". All crypto is browser-native through the Web Crypto API.
- Instant updates via WebSocket.
- Installable PWA.
- Zero-trust server that merely acts as a forwarder for client-side encrypted payloads.
To mitigate MITM attacks, both parties can verify the connection by confirming that they see the same key fingerprint, displayed as a word list (BIP-0039).
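The key agreement, encryption and fingerprint comparison described above, as an added example (not the project's own code). The P-256 curve, the SHA-256-based fingerprint, the six-value length and all function names are assumptions; each 11-bit value stands in for one BIP-0039 word.

```javascript
// Added example, not the project's code. Browser Web Crypto; the fallback is for older Node.
const webcrypto = globalThis.crypto ?? require("node:crypto").webcrypto;
const { subtle } = webcrypto;

// Assumption: curve P-256 (the page only says "ECDH").
const newKeyPair = () =>
  subtle.generateKey({ name: "ECDH", namedCurve: "P-256" }, false, ["deriveBits"]);

// Assumption: fingerprint = SHA-256 of the shared bits, cut into 11-bit values.
// Each value (0..2047) is an index into the 2048-word BIP-0039 list (not embedded here).
async function fingerprint(bits, count = 6) {
  const hash = new Uint8Array(await subtle.digest("SHA-256", bits));
  const bin = Array.from(hash, (b) => b.toString(2).padStart(8, "0")).join("");
  return Array.from({ length: count }, (_, i) => parseInt(bin.slice(i * 11, i * 11 + 11), 2));
}

// ECDH: own private key + peer's public key -> 256 shared bits, imported as the AES-GCM key.
async function agree(myPrivate, peerPublic) {
  const bits = await subtle.deriveBits({ name: "ECDH", public: peerPublic }, myPrivate, 256);
  const key = await subtle.importKey("raw", bits, "AES-GCM", false, ["encrypt", "decrypt"]);
  return { key, words: await fingerprint(bits) };
}

async function seal(key, text) {
  const iv = webcrypto.getRandomValues(new Uint8Array(12)); // fresh 96-bit nonce per message
  const data = await subtle.encrypt({ name: "AES-GCM", iv }, key, new TextEncoder().encode(text));
  return { iv, data };
}
async function unseal(key, { iv, data }) {
  return new TextDecoder().decode(await subtle.decrypt({ name: "AES-GCM", iv }, key, data));
}

async function demo() {
  const [alice, bob, other] = await Promise.all([newKeyPair(), newKeyPair(), newKeyPair()]);
  // Honest forwarder: each side receives the other's real public key.
  const a = await agree(alice.privateKey, bob.publicKey);
  const b = await agree(bob.privateKey, alice.publicKey);
  const plain = await unseal(b.key, await seal(a.key, "constructed sample secret"));
  // Substituted key: both sides were handed `other`'s public key instead of the peer's.
  const a2 = await agree(alice.privateKey, other.publicKey);
  const b2 = await agree(bob.privateKey, other.publicKey);
  return {
    plain,
    honestMatch: a.words.join() === b.words.join(), // same values on both screens
    substitutedMatch: a2.words.join() === b2.words.join(), // values differ: swap is visible
  };
}

demo().then((result) => console.log(result));
```

With a substituted public key the two sides derive different secrets, so the values they read out to each other no longer match; that mismatch is what the manual comparison is there to catch.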
File sizes are somewhat limited (in the browser) due to the KISS approach.
- Offline editing and subsequent 3-way merge of the divergence
- Manual onboarding of 3rd party with the key encoded as a 26 word list
```bash
# frontend
cd frontend
npm install
npm run dev
# backend
poetry shell
poetry install
DEV=1 SCRATCHPAD_ADMIN_BEARER=somesecret uvicorn app:app --reload
```
docker-compose containers managed by a systemd service. The stack can be deployed with ansible.
Frontend is built locally with Dockerfile and then rsynced to the server.
Docker exposes port 8003 for internal redirection; TLS termination is left up to you.
```bash
# remote
# Bearer for SwaggerUI at https://yourserver.com/api/docs
echo "SCRATCHPAD_ADMIN_BEARER=somesecret" > /var/www/scratchpad/docker/.env
# local
ansible-playbook deploy.yml -i "yourserver.com," --tags "BE,FE"
```
Frontend: Vue, Vite, Vite PWA, Bootstrap, Bootstrap Icons, Dropzone.js
Backend: Nginx, FastAPI, Uvicorn, JSON on disk