PrivatePM

About

PrivatePM is a simple tool that encrypts a message, but only allows decryption for a period of time. Messages are never sent to the server. Encryption is done completely client side. In order to enforce the expiration time, the encryption key is stored on the server. The actual encrypted message is stored in the URL.

Note that this service is not intended to store large files (only short messages such as passwords). As URL lengths are often limited, you may only have up to 2k characters in certain browsers (though feel free to max out its capabilities as it makes no difference to me). You should use other forms of encryption for anything super sensitive or larger in size.

Protocol

Encryption:

  1. The client generates a random encryption key and encrypts the message.
  2. The client hashes the encrypted message.
  3. The client sends both the hash and the encryption key to the server for storage.
  4. At this point, you may share the encrypted message.

Decryption:

  1. The client hashes the encrypted message.
  2. The client sends the hash to the server and gets back the encryption key.
  3. The client decrypts the message.

Specifics

We use AES for encryption and SHA-256 for hashing. The server uses a simple Redis store for mapping the hashes to encryption keys. Expiration is done using the native Redis expiration feature.