I started writing this little web app as a way to learn about setting up a website on Netlify and to try out some new libraries. It was a lot of fun to work on and has turned out to be quite useful for sharing little messages or passwords. I wanted to share it here to get some feedback and hopefully inspire some other people out there working on similar projects :)
The site is basically a little clone of the service privnote.com. It works by encrypting a message in the browser and storing the encrypted message in a Redis server. The password to decrypt the note never leaves the browser, and the site gives you a link to share with someone else with the password appended to the hash section of the URL - that way the password you share with them never leaves their browser either. When the other person opens the link, the web app fetches the note and decrypts it on the client side. I set it up so that the encrypted note on the server is deleted as soon as it is read from the database.
The source code is available on my GitHub page - feel free to check it out. I wrote out some instructions there on how to deploy it yourself if you want to run your own version of it.
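The flow described above, sketched as an added example that is not the project's own code. It assumes a random AES-GCM key plays the role of the "password" and uses an in-memory `Map` in place of the Redis server; `createNote`, `readNote`, `takeNote`, `requestTarget` and `store` are hypothetical names.

```javascript
// Added example; createNote, readNote, takeNote and store are hypothetical names.
const store = new Map(); // stands in for the Redis server: it only ever holds ciphertext

// Browsers and current Node expose WebCrypto globally; older Node needs the import.
const getCrypto = async () => globalThis.crypto ?? (await import('node:crypto')).webcrypto;

const b64u = {
  enc: (bytes) => btoa(String.fromCharCode(...bytes))
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, ''),
  dec: (s) => Uint8Array.from(atob(s.replace(/-/g, '+').replace(/_/g, '/')), (ch) => ch.charCodeAt(0)),
};

// Sender side: encrypt locally, upload only IV + ciphertext, put the key after '#'.
async function createNote(message, origin) {
  const c = await getCrypto();
  const key = await c.subtle.generateKey({ name: 'AES-GCM', length: 256 }, true, ['encrypt']);
  const iv = c.getRandomValues(new Uint8Array(12));
  const ct = await c.subtle.encrypt({ name: 'AES-GCM', iv }, key, new TextEncoder().encode(message));
  const id = b64u.enc(c.getRandomValues(new Uint8Array(16)));
  store.set(id, `${b64u.enc(iv)}.${b64u.enc(new Uint8Array(ct))}`);
  const rawKey = new Uint8Array(await c.subtle.exportKey('raw', key));
  return `${origin}/note/${id}#${b64u.enc(rawKey)}`;
}

// What the browser puts on the request line: path and query, never the fragment.
const requestTarget = (link) => { const u = new URL(link); return u.pathname + u.search; };

// Server side: hand the blob out once, then it is gone.
function takeNote(id) {
  const blob = store.get(id) ?? null;
  store.delete(id);
  return blob;
}

// Recipient side: fetch by id, decrypt with the key taken from the URL fragment.
async function readNote(link) {
  const c = await getCrypto();
  const blob = takeNote(requestTarget(link).split('/').pop());
  if (blob === null) return null; // already read once, or never existed
  const [iv, ct] = blob.split('.').map(b64u.dec);
  const rawKey = b64u.dec(new URL(link).hash.slice(1));
  const key = await c.subtle.importKey('raw', rawKey, { name: 'AES-GCM' }, false, ['decrypt']);
  return new TextDecoder().decode(await c.subtle.decrypt({ name: 'AES-GCM', iv }, key, ct));
}
```

The fragment is absent from the HTTP request, but it is still part of the link, so whatever channel carries the link also carries the key. Against a real Redis server the get-then-delete in `takeNote` should be a single atomic step (Redis has `GETDEL` for this) so two simultaneous readers cannot both receive the note.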
Top comments (6)
Nice service, a couple of months ago I searched for a service exactly like this as I wanted to share a one-time read encrypted password. It's really handy for sharing this kind of message, the interface is pretty straight to the point and the service works fine. Great job. It's on my bookmarks now :)
Thanks for taking a look at it! When I get a little more time I think I’ll add to the post with some points of interest in the code too :)
What do you mean by "the password never leaves the browser"? Are you just referring to the unencrypted version of the password? Because if it's appended to the URL, assuming it's shared, it definitely does leave the browser.
Thanks for taking a look and for leaving the question - I might edit that description again when I get a chance to clear up what I meant there.
Cool feature!!
Certainly possible - though I'm sure what the benefit there would be and I like that the server doesn't need to ever handle passwords at all. What did you have in mind?