this post was submitted on 27 Jan 2025

59 points (96.8% liked)

Privacy

3398 readers

396 users here now

Welcome! This is a community for all those who are interested in protecting their privacy.

Rules

PS: Don't be a smartass and try to game the system, we'll know if you're breaking the rules when we see it!

Be civil and no prejudice
Don't promote big-tech software
No apathy and defeatism for privacy (i.e. "They already have my data, why bother?")
No reposting of news that was already posted
No crypto, blockchain, NFTs
No Xitter links (if absolutely necessary, use xcancel)

Related communities:

Some of these are only vaguely related, but great communities.

founded 8 months ago

MODERATORS

fxomt@lemmy.dbzer0.com

otter@lemmy.ca

shaytan@lemmy.dbzer0.com

fxomt@piefed.social

crypt.fyi - Secure Secret Sharing with Zero-Knowledge End-to-End Encryption (crypt.fyi)

submitted 6 months ago by Blaze@lemmy.zip to c/privacy@lemmy.dbzer0.com

16 comments fedilink hide all child comments

From an author:

I wanted to share crypt.fyi - a free, open-source tool I built for securely sharing sensitive data/files. It uses client-side encryption and zero-knowledge architecture.

Key features:

- Zero-knowledge architecture
- End-to-end encryption using AES-256-GCM (actively investigating post-quantum encryption options)
- Self-hostable
- Suite of configurations (password, burn after read, max read count, ip/cidr-allow list, webhooks)
- Strict rate-limiting
- Strict CSP to mitigate supply chain attacks
- Web, cli, and chrome-extension clients
- Fully open source (Github)

The problems I aimed to solve: Many people share sensitive info (passwords, keys, etc.) through email, Slack, or SMS - which often leaves plaintext copies in multiple places. Existing solutions either require accounts, aren't open source, or have security/privacy/ui/ux/feature/config gaps/limitations.

crypt.fyi is built with privacy-first principles:

- No logging of sensitive data
- No analytics or tracking
- Separation of web and api servers
- All encryption/decryption happens client-side using shared cross-platform cryptography primitives from noble cryptography
- TLS encryption for all traffic
- Encrypted data is automatically destroyed after being read with strong guarantees around once-only reads

The entire codebase is open source and available for review. I'd love to get feedback from the privacy community on how to make it even better!

top 16 comments

sorted by: hot top controversial new old

[–] SanctimoniousApe@lemmings.world 15 points 6 months ago (2 children)

Hate to be "that guy," but it's mildly amusing/concerning that both instances of the "crypt.fyi" links in the body text are not secure (i.e. "http" instead of "https").

[–] homesweethomeMrL@lemmy.world 4 points 6 months ago

The devil's in the protocols.

[–] codectl@lemmy.zip 1 points 6 months ago (1 children)

Looks like the original post on Reddit took 'crypt.fyi' (the name of the tool and also the domain) and converted it to a link with http protocol.

[–] sunzu2@thebrainbin.org 1 points 6 months ago

aint that sus?

[–] hok@lemmy.dbzer0.com 6 points 6 months ago (1 children)

Also note that there's OnionShare, too. You don't need a TLS certificate or domain, don't need to port forward and can run it from home safely, routes over Tor so very hard to know you are even sharing something, well known and open source etc.

[–] codectl@lemmy.zip 3 points 6 months ago (1 children)

This detracts a bit from the convenience factor in that it requires both sender and receiver to download an app as opposed to having access to a browser. It is however much safer as the client is static and versioned so the privacy guarantees are better.

[–] corsicanguppy@lemmy.ca 0 points 6 months ago

In the same way that having a hammer requires a second tool on-hand when I can otherwise just bang the screws into concrete with my adjustable wrench?

[–] Valmond@lemmy.world 6 points 6 months ago (2 children)

Interesting!

How do I decrypt the data when I download my friends holiday photos he shared with me?

How big can they be, can I share my favourite Judas Priest album with my niece?

This is not a criticism, but was there some specific reason for using GCM?

Good work!

[–] Blaze@lemmy.zip 5 points 6 months ago (1 children)

As stated at the beginning of the post, it's not mine, feel free to share your concerns on the author's Github: https://github.com/osbytes/crypt.fyi/issues !

[–] Valmond@lemmy.world 3 points 6 months ago (1 children)

Oh sorry for that!

Mebbe get the person over here :-)

[–] Blaze@lemmy.zip 2 points 6 months ago (1 children)

Tried already: https://reddit.com/comments/1iarxev/comment/m9f5zmq

[–] Valmond@lemmy.world 1 points 6 months ago

Cool, smart move!

I hope he does, I have my own secure sharing protocol so it would be wonderful to discuss a bit!

[–] codectl@lemmy.zip 1 points 6 months ago (1 children)

How do I decrypt the data when I download my friends holiday photos he shared with me?

They're decrypted automatically in your browser via the key in the URL and additionally a password (assuming one was set when created). Both the key and password are used to encrypt the contents so the key alone is not sufficient to decrypt the contents. Regardless, it happens automatically entirely in your browser without ever sending the key or password to the API server.

How big can they be, can I share my favourite Judas Priest album with my niece?

I have the limit set to ~500kb right now. That's after encrypting the contents. How large is your favorite Judas Priest album? Maybe I can uptick to accommodate it haha.

specific reason for using GCM

Given the different tradeoffs on performance, security, and implementation complexity, GCM seemed like a reasonable choice. I'm making sure to use the OWASP recommended PBKDF iterations 1 2. I'm also looking into post-quantum options recommended by NIST 1.

[–] Valmond@lemmy.world 1 points 6 months ago* (last edited 6 months ago) (1 children)

Edit: Hi & welcome! Nice to come by and discuss these kind of things!

How is the key circulated? Over RSA or something? Or do you have to send the link+key somehow to the recipient?

Yeah GCM is nice with the inbuilt authentication. AES 256 I guess?

NIST is aaaabout to chose an algo, right? I dug deep down in all that quantum stuff like a year ago, but it didn't seem like they'd chosen Rivests algo just yet ^^

BTW is the GCM adding a lot of space? I'm on AES CTR (which just aligns to the block size) + RSA for authentication.

[–] codectl@lemmy.zip 2 points 6 months ago (1 children)

The key is transmitted in a URL query parameter. I'm planning to optionally have it transmitted separately from the URL but ultimately, the decryption key would be transmitted via otherwise insecure / normal means. This is where the understandable and healthy critique around the security/privacy of the tool stems. I shared with another user that this tool is an incremental step in the direction of more secure and ephemeral transmission of data with convenience and accessibility as a core tenant of the tools existence. Yup it is AES 256 and I believe NIST has finalized post-quantum recommendations. I'll likely be using ML-KEM which increases the resulting data size considerably but is also considerably faster.

[–] Valmond@lemmy.world 2 points 6 months ago

Thanks for the explanation!

Yeah, you could let the user encrypt the sensitive data with "your" public key for example (or use ssh I guess). For sharing keys, that's more complicated of course, especially if the person that is going to get the key doesn't know it will get the key beforehand (or the key can be encrypted with their shared public key).