Hasty Briefsbeta

Bilingual

End-to-end encrypted secret sharing with the Web Crypto API

7 hours ago
  • #End-to-end Encryption
  • #Secret Sharing
  • #Web Crypto API
  • Author built an end-to-end encrypted (E2EE) secret sharing service to replace onetimesecret.com, using zero dependencies and only standard Web APIs.
  • The backend never sees plaintext; it only stores ciphertext and metadata (like IV and salt) temporarily in a non-persistent Redis/Valkey setup.
  • Encryption uses AES-GCM with a 256-bit key for symmetric encryption and PBKDF2-SHA256 with 600k iterations for key derivation, all via the Web Crypto API.
  • A random salt and IV are generated for each secret to ensure uniqueness and security, preventing reuse and deterministic key generation.
  • Decryption happens client-side; the backend cannot verify passphrases, and secrets are deleted after access, with brute-force protection relying on strong passphrases.