Send encrypted self-destructing notes securely.
- Frontend - fully static HTML deployed from this repo to Cloudflare Pages.
- Backend - powered by a Cloudflare Workers - a global serverless runtime. The worker source is in
./worker. - Storage - Encrypted notes are stored on Cloudflare Workers KV, a global, low-latency, key-value data store.
- A note is encrypted with a key that is generated locally in the browser.
- The encrypted note value is sent to a Cloudflare worker that saves it in KV.
- The worker returns an ID which can be used to get the note.
- The browser generates a link containing the note ID and the key.
- When a note is read using the link, the worker is contacted with the note ID. The key is never sent.
- The browser uses the key from the link to decrypt the note value received by the worker.
- The encrypted note is deleted from KV when its view count is exceeded, or when it expires.
- Zero knowledge - the key is never sent to the backend.
- Keys are generated securely by CryptoJS.
- Notes are encrypted by CryptoJS using AES.
- The CryptoJS library is verified using Subresource Integrity.
- Note links are protected by HTTPS.
- The code needs to be refactored and made more readable to make it easier to verify the trustworthiness of the service, or raise issues.
- Branding and SEO/Open Graph improvements are needed.