Simple One Time Secret

https://secret.hackerman.ca/

http://secretrpor3nhh7m3duwk67xjmqyy4nguxxfgihxsxgmqci3f3ew6zid.onion/

Generate single use, expiring links to share sensitive information.

How it works

Simple One Time Secret is an application that lets you securely share information using a single-use link. Once the secret has been viewed (or once the expiration is reached), the secret is deleted from the database and is no longer accessible. In addition, the server only has access to the encrypted secret and its ID. Everything else is generated client side and is never sent to the server. More precisely:

  1. Using JavaScript, a random encryption passphrase (32 characters) is generated and used to encrypt the secret (aes-256-cbc).
  2. The encrypted secret is sent to the server, along with the expiration timestamp.
  3. The server replies with the ID (UUID) of the secret.
  4. A link is generated by adding the deflated (pako.deflate) concatenation of the ID and encryption passphrase to the hash data of the URL (the part after the #). What makes the hash data special is that the browser does not send it to the server as part of the URL when the Web page is accessed.
  5. When the secret is retrieved, the server receives the ID of the secret, deletes it from the database, and returns the encrypted value back to the client (if it's not expired). Secret expiration is done using MongoDB TTL.
  6. The secret value can then be decrypted client side using the information stored in the hash data.
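
The six steps above, simulated in one Node.js process. This is an added example, not the project's own code. Assumptions: the 32-character passphrase is used directly as the AES-256 key with a random IV prepended to the ciphertext, the fragment is base64url-encoded, Node's zlib stands in for pako, an in-memory Map stands in for MongoDB, and all function names and the secret.example URL are hypothetical.

```javascript
const nodeCrypto = require("node:crypto");
const zlib = require("node:zlib");
const ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
const db = new Map(); // stand-in for the server's MongoDB: id -> { blob, expiresAt }

// Step 1: random 32-character passphrase, used here directly as the AES-256 key (assumption).
function newPassphrase() {
  return Array.from({ length: 32 }, () => ALPHABET[nodeCrypto.randomInt(ALPHABET.length)]).join("");
}
function encrypt(secret, passphrase) {
  const iv = nodeCrypto.randomBytes(16);
  const c = nodeCrypto.createCipheriv("aes-256-cbc", Buffer.from(passphrase, "utf8"), iv);
  return Buffer.concat([iv, c.update(secret, "utf8"), c.final()]).toString("base64");
}
function decrypt(blob, passphrase) {
  const raw = Buffer.from(blob, "base64");
  const d = nodeCrypto.createDecipheriv("aes-256-cbc", Buffer.from(passphrase, "utf8"), raw.subarray(0, 16));
  return Buffer.concat([d.update(raw.subarray(16)), d.final()]).toString("utf8");
}
// Steps 2-3 (server): store only ciphertext and expiration, reply with a UUID.
function serverStore(blob, expiresAt) {
  const id = nodeCrypto.randomUUID();
  db.set(id, { blob, expiresAt });
  return id;
}
// Step 5 (server): delete on first read; return the ciphertext only if not expired.
function serverRetrieve(id, now = Date.now()) {
  const row = db.get(id);
  db.delete(id);
  return row && row.expiresAt > now ? row.blob : null;
}
// Step 4: the fragment (after '#') carries deflate(id + passphrase); browsers do not send it.
function buildLink(base, id, passphrase) {
  return base + "#" + zlib.deflateSync(Buffer.from(id + passphrase)).toString("base64url");
}
// Step 6 (client): recover the id (36-character UUID) and passphrase from the fragment.
function parseLink(link) {
  const text = zlib.inflateSync(Buffer.from(new URL(link).hash.slice(1), "base64url")).toString();
  return { id: text.slice(0, 36), passphrase: text.slice(36) };
}

function shareAndOpen(secret, ttlMs) {
  const passphrase = newPassphrase();
  const id = serverStore(encrypt(secret, passphrase), Date.now() + ttlMs);
  const link = buildLink("https://secret.example/", id, passphrase);
  const opened = parseLink(link);
  const blob = serverRetrieve(opened.id);
  return { link, plaintext: blob && decrypt(blob, opened.passphrase), second: serverRetrieve(opened.id) };
}
```

A second retrieval of the same ID returns null, and the server-side Map never holds the passphrase, only the ciphertext and its expiration.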

Installation

The easiest way of running Simple One Time Secret is by using the Dockerhub image (you'll need Docker):

# Running the app by exposing it on port 8080
$ docker run -p 8080:80 daxhackerman/simple-one-time-secret

# By default, the container has no persistence. If you need some, you can set up a volume
$ docker volume create simpleonetimesecret-db
$ docker run -p 8080:80 -v simpleonetimesecret-db:/data/db -d --name simpleonetimesecret daxhackerman/simple-one-time-secret

If you wish to build the image yourself, you'll need Git, and optionally make. From your command line:

# Clone this repository
$ git clone https://github.com/daxAKAhackerman/simple-one-time-secret.git

# Go into the repository
$ cd simple-one-time-secret

# All of the following commands use make. If you are on a system where make is not available, simply have a look at the Makefile and manually run the required commands (under build, start or stop)

# If you want to add a clickable icon at the bottom of the page that links to a TOR URL hosting Simple One Time Secret, export the URL
$ export TOR_LINK=http://my-onion-address.onion/

# If you've never run the application, build it
$ make

# Start the application. It will listen to port 8080.
$ make start

# Stop the application when you're done
$ make stop

# You can update the application when needed
$ git pull && make && make stop; make start

GitHub @daxAKAhackerman