secpaste.dev
Secpaste. Zero-Knowledge text snippet sharing.
Less is more
This is Secpaste, a minimalistic Pastebin (1650 Lines of Code), focused on security and anonymity.
Content which got pasted is stored in a Database with ID, Token (optional) and Content, the ID and Token is hashed with SHA256 and the Pasted Data encrypted with AES256.
Key Management
Secpaste secures data using a 256-bit AES key for content encryption and a 2048-bit RSA key pair. The AES key is encrypted with the RSA public key before storage. Keys are stored seperately in a container and loaded only when needed, with the AES key being cleared from memory after use. This approach keeps data secure even if a single key file is compromised.
Token
You can generate a 64 digit (64^62) token that can be used to access previous pastes. This token is thus used for Authentication.
Secpaste does not require nor support Username/Password/Email, see FAQ.
Paste content, get an ID, then share it or from CLI with Curl: curl --data-binary @file.txt https://secpaste.dev or simply echo "Hello Word" | curl -d @- https://secpsate.dev
The data is stored in a Database, encrypted with AES256. IDs and Tokens are hashed with SHA256. Secpaste does not log anything.
Yes. All content can be deleted manually. Furthermore, all pastes without a token are automatically deleted after 14 days. All images are deleted after 7 Days.
Secpaste focuses on anonymity and secure text sharing. To authenticate, please use the token generator to generate a token. With the token, it's possible to access previous pastes and also delete them.
Yes, theoretically, that is possible. However, it's practically not feasible due to the enormous amount of possible IDs (8^64 possible combinations). That's like searching a needle in a haystack, where the haystack is the size of the Universe.
Unfortunately,there is no way to recover the lost token.