client-side encryption? #230
Comments
I've desired this for years. Somewhat tangential to what you describe, I wrote https://github.com/ptpb/cryptio with the goal that even without client-side participation, the server would be unable to examine the content of any paste. |
I'm really happy to hear that! I was worried this would get closed as a "out of scope, use PGP" or something. :) I think there's room to keep the current implementation and just fix the clients and the web-visible parts (in i'm not sure how in that case cryptio would be used for the dedicated client and something similar would be used in the webapp for users who can't use the client. |
That's why I said "tangential"; it's a separate idea. It's more of a data-privacy thing than a zero-trust thing.
Yeah; the server would have (temporary) knowledge of the key, but only while a request is being serviced. As far as storage, the key would become the paste's identifier, and the server-side identifier would be some key derivation of that. |
The "authoritative" client is pbwww; I don't think it's a good idea to build on that (other than maybe to steal the UI, because UI design is the boring/hard part), even though I wrote much of it. |
To make this "the best pastebin that ever was or will be" (#62), one thing I think is missing is client-side encryption. I know there's a way to expire pastes, but that still requires trusting the server somehow. It would be nice if, like Up1 or lufi, pb could allow clients to upload opaque blobs that would be rendered with a key stored in the URL anchor (so it's not visible to the server).
The commandline client would also need to be updated, obviously, and this would complicate things quite a bit, but I wonder if this was considered at all.
The text was updated successfully, but these errors were encountered: