plic
plic
Use plic to send a one-time secret message.
Get started
shards install
crystal run src/plic.cr
Open localhost:8080.
Security
Client
WebCrypto is used for all cryptographic operations in the browser. Messages are encrypted using AES-128-GCM and the authentication tag is used as a unique ID. When using a password, the secret key is derived using PBKDF2-HMAC-SHA256 with 100000 iterations. No external resources (such as scripts, styles and links) are used. The webpage is loaded in a single request and is less than 250 lines long which can be easily reviewed.
Server
Strict security headers (including CSP and HSTS) are set on all requests. No data is stored other than the encrypted blob, the ID (extracted from the blob) and the creation time (used to delete unopened messages after 30 days). No logs are kept on the server.
plic
- 3
- 0
- 0
- 0
- 1
- 5 months ago
- July 30, 2018
MIT License
Thu, 21 Nov 2024 18:05:54 GMT