✍️ How it works
- The message is encrypted on the client side using the XSalsa20Poly1305 authenticated encryption cipher.
- A unique key is generated to encrypt the message. This key is never sent to the backend server.
- The encrypted message packet is stored in the backend with a unique UUID.
- A shareable link (/share/{uuid}#{key}) is generated which contains the UUID for the encrypted message. The secret key is part of this URL as a hash parameter, ensuring that the backend server never receives it.
- An additional passphrase is set for creating and opening links, which ensures that only designated recipients can open the link.
- The encrypted message remains valid only until the user-defined TTL expires or the access count reaches the maximum limit.
TL;DR: The key used to encrypt the secret text is never stored in the backend. Only the recipient with the link can decrypt the message.
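The link format and the storage rules above can be modelled in a few lines. This is an added example, not the project's own code: it shows that the request path derived from /share/{uuid}#{key} never carries the key, and how a backend holding only ciphertext can enforce the TTL and access limit. The function and class names and all sample values are hypothetical, and encryption and the passphrase check are not modelled.

```javascript
// Added example; buildShareLink, requestTarget, parseShareLink and SecretStore
// are hypothetical names, not taken from the project.

// Build /share/{uuid}#{key}; the key lives only in the URL fragment.
function buildShareLink(origin, uuid, key) {
  const url = new URL(`/share/${encodeURIComponent(uuid)}`, origin);
  url.hash = key;
  return url.toString();
}

// What a browser places on the HTTP request line: path and query, never the fragment.
function requestTarget(link) {
  const url = new URL(link);
  return url.pathname + url.search;
}

// Recipient side: the UUID goes to the server, the key stays in the browser.
function parseShareLink(link) {
  const url = new URL(link);
  const m = /^\/share\/([^/]+)$/.exec(url.pathname);
  if (!m || url.hash.length < 2) throw new Error("not a share link");
  return { uuid: decodeURIComponent(m[1]), key: url.hash.slice(1) };
}

// Backend model: stores only ciphertext, enforces TTL and maximum access count.
class SecretStore {
  constructor() { this.items = new Map(); }
  put(uuid, ciphertext, ttlMs, maxAccess, now) {
    if (maxAccess < 1) throw new Error("maxAccess must be at least 1");
    this.items.set(uuid, { ciphertext, expiresAt: now + ttlMs, remaining: maxAccess });
  }
  get(uuid, now) {
    const item = this.items.get(uuid);
    if (!item) return null;
    if (now >= item.expiresAt) { this.items.delete(uuid); return null; } // TTL expired
    item.remaining -= 1;
    if (item.remaining === 0) this.items.delete(uuid); // last permitted access
    return item.ciphertext;
  }
}

// Constructed sample values, not real identifiers or secrets.
const SAMPLE_UUID = "3f2b8c1e-0000-4000-8000-000000000001";
const SAMPLE_KEY = "c2FtcGxlLWtleS1ub3QtcmVhbA";
const link = buildShareLink("https://example.test", SAMPLE_UUID, SAMPLE_KEY);
console.log(link, "->", requestTarget(link));
```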