FlashPaper alternatives and similar software solutions
Based on the "Pastebins" category.
Alternatively, view FlashPaper alternatives based on common mentions on social networks and blogs.
-
PrivateBin
A minimalist, open source online pastebin where the server has zero knowledge of pasted data. Data is encrypted/decrypted in the browser using 256 bits AES. -
-
-
-
-
Sup3rS3cretMes5age
Simple to use, simple to deploy, one time self destruct messaging service, with hashicorp vault as a backend -
Modern Paste
DISCONTINUED. Modern pastebin with a contemporary, minimalistic user interface backed by a robust feature set. -
-
Paaster.io
Paaster is a secure and user-friendly pastebin application that prioritizes privacy and simplicity. With end-to-end encryption and paste history, Paaster ensures that your pasted code remains confidential and accessible. -
-
cryptonote
:lock: A simple open source web application that lets users encrypt and share messages that can only be read once. -
-
-
-
ZeroBin
DISCONTINUED. This Project has been renamed and moved to https://github.com/PrivateBin/PrivateBin -
Phaste
DISCONTINUED. A Phalcon-based, MySQL pastebin application with privacy-respecting Piwik integration and syntax highlighting. -
localpaste
a simple python based pastebin you can run locally, with curl for input, just like clbin.com -
Linked.PM
A simple web application which encrypts your private messages (Java Script client-side encryption) and converts them into clickable links and QR-codes.
WorkOS - The modern identity platform for B2B SaaS
* Code Quality Rankings and insights are calculated and provided by Lumnify.
They vary from L1 to L5 with "L5" being the highest.
Do you think we are missing an alternative of FlashPaper or a related project?
README
FlashPaper
A one-time encrypted zero-knowledge password/secret sharing application focused on simplicity and security. No database or complicated set-up required.
Demo
Installation
Docker (Recommended)
The latest release of FlashPaper is available at ghcr.io/andrewpaglusch/flashpaper.
- Download docker-compose.yml from this repo
- Edit
docker-compose.ymlwith your customizations - Run
docker-compose up -dto start FlashPaper - Set up a reverse-proxy in front of FlashPaper that terminates SSL/TLS
Traditional
Requirements: PHP 7.0+ and a web server
- Download and extract the latest release of FlashPaper to the document root of your web server
- Copy
settings.example.phptosettings.phpand make customizations to that file - Disable access logging in your web server's configuration so nothing sensitive (IP addresses, user agent strings, timestamps, etc) are logged to disk
How It Works
Submitting Secret
<random>--secrets.sqlitesqlite database created (if it doesn't already exist)<random>--aes-static.keyrandomized 256-bit AES static key created (if one doesn't exist already)- Random 256-bit AES key created
- Random 128-bit IV created
- Random 64-bit ID created
- ID + AES key hashed with bcrypt
- Submitted text encrypted with AES-256-CBC using AES key and random IV
- Ciphertext now encrypted with AES-256-CBC using static AES key and random IV
- ID and AES key joined (known as
k) - Random prune date/time generated using
prune->min_days/max_days - ID, IV, bcrypt hash, ciphertext, and prune epoch stored in DB
kvalue returned to user in one-time URL
Retrieving Secret
kvalue removed from URLkvalue split into two parts: ID and AES key- IV, bcrypt hash, ciphertext looked up in DB with ID from
k kbcrypt hash compared against bcrypt hash from DB (prevents tampering of URL)- Ciphertext decrypted with static AES key and IV
- Ciphertext decrypted with AES key from
kand IV - Entry deleted from DB
- Decrypted text sent to user
Submitting Secrets via the API (with curl)
FlashPaper can accept secret submissions through a simple API. The retrieval URL will be returned in a JSON object.
Here's what it looks like to submit a secret with curl:
$ curl -s -X POST -d "secret=my secret&json=true" https://flashpaper.io
{"url":"https://flashpaper.io/?k=xxxxxxxxxxxxxxxxxxxxxxxxxxxxx"}
Settings
prune:
enabled: Turn on/off auto-pruning of old secrets from the database upon page loadmin_days/max_days: When a secret is submitted, a random date/time is generated betweenmin_daysandmax_daysin the future. After that date/time has elapsed, the secret will be pruned from the database ifenabledis set totrue. This is to prevent your database from being filled with secrets that are never retrieved. NOTE: Even ifenabledis set tofalse, the prune value will still be generated and stored in the database, but secrets will not be pruned unlessenabledis switched totrue.
base_url:
FlashPaper will try to generate the secret retrieval URL based on information provided by the upstream webserver. This process isn't always 100% accurate. If the secret retrieval URL that FlashPaper creates isn't correct for your setup (this usually happens when you're using a reverse proxy upstream), you can manually specify the URL that FlashPaper will use. For example: A base_url of "https://foo.com/flashpaper" will result in retrieval URLs like "https://foo.com/flashpaper/?k=xxxxxxxxxxxxx".
Donations
PayPal: https://paypal.me/AndrewPaglusch
BitCoin: 1EYDa33S14ejuQGMhSjtBUmBHTBB8mbTRs
Donations are not expected, but they are very appreciated!