lukewhrit / spacebin

🔭 spacebin: text sharing for the final frontier
https://spaceb.in
Apache License 2.0
95 stars, 9 forks

feat: Password-protected AES-256 encrypted pastes #33

Open jackdorland opened 4 years ago

jackdorland commented 4 years ago

Please check the box if you understand that this repo is only for server-side backend issues. Please write issues related to the frontend or cli client in their respective repositories:

Is your feature request related to a problem? Please describe.

N/A

Describe the solution you'd like

When pastes are uploaded, perhaps through a /encrypt endpoint, you would need to specify a password in the query parameters (or multipart form value). The server would then hash the password, salt it, encrypt the paste, and return the ID. No other data will be stored on the server other than the hash of the password.

Describe alternatives you've considered

N/A

Additional context

tarumes commented 1 week ago

Do it in JavaScript only, so the server doesn't need to know anything about the encryption, and the password can be part of the URL: scheme://domain.tld/key#password

lukewhrit commented 1 week ago

> Do it in JavaScript only, so the server doesn't need to know anything about the encryption, and the password can be part of the URL: scheme://domain.tld/key#password

@tarumes

Maybe- one of the original goals of Spacebin was to be as free of JavaScript as possible but it may be impossible to stick to that. Additionally, wouldn't it be more secure to do it server-side?

tarumes commented 1 week ago

Nope, the whole point of encryption is that no one knows the password, not even the server.

And as for having protected pastes: just make the IDs longer and put in rate limits. It results in the same thing as a password, it's just harder to guess.

tarumes commented 1 week ago

I forgot to mention that the server only receives the part before the #, meaning anything after it isn't sent to the server. So only the people with the correct string after the # can decrypt the document.

lukewhrit commented 1 week ago

Yeah, I really meant that having the encryption/decryption logic on the client side might mean it's able to be bypassed. Also, if the password were in the URL it would be seen by the server that hosts the website (In Spacebin's case it's combined w/ the API) so that it could fulfill the request.

I will keep your suggestion in mind while researching the best way to implement this feature.