Skip to content

Latest commit

 

History

History
88 lines (61 loc) · 2.8 KB

README.md

File metadata and controls

88 lines (61 loc) · 2.8 KB

Semel Secure Message

Visit secrets.renuo.ch to share expiring secrets once. Encryption and decryption is done exclusively in the browser. No secret reaches the server.

Semper Semel Simplex!

Run your own

This is a 12factor app using the Apt and Crystal Heroku buildpacks. Installation is as easy as clicking this button.

Deploy

Warning Be aware though that you'll loose your SQLite database often if you use Heroku. You may want to hook into a Postgres database or use Dokku with a volume on your own server. Sticking to a SQLite database also means that you can run on 1 "dyno" only.

Development

Install required prerequisites:

  • Crystal >=1.1
  • SQLite3
  • mkcert

Then run those convenient scripts from the project root:

bin/setup
bin/check
bin/run

FAQ

  • Why is there no file upload support?

    File upload capabilities would increase demands for the backend and complexity in general. The idea is rather that you encrypt a file and send it through an insecure channel. You would then only share the encryption key via seme.li.

    If you really want file upload support, you can add it yourself. Have a look at this PR.

    Alternatively I know about the following more bloated (less auditable) alternatives. They all support file uploads:

  • How should I encrypt a file to be transferred on an insecure channel?

    You can use OpenSSL tooling like this

    openssl enc -aes-256-cbc -salt -pbkdf2 -iter 20000 -in folder.zip -out folder.zip.enc

    The resulting (big) file folder.zip.enc would be transferred on an insecure channel like email together with the instruction to decrypt the file while the password goes over seme.li.

    Use this to decrypt the file

    openssl enc -d -aes-256-cbc -salt -pbkdf2 -iter 20000 -in folder.zip.enc -out folder.zip

    Attention: Normal ZIP encryption is not secure and can be broken by a script kiddie in a matter of seconds. The above used OpenSSL approach is way better.

Contributing

  1. Fork it (https://github.com/schmijos/seme.li)
  2. Create your feature branch (git checkout -b my-new-feature)
  3. Commit your changes (git commit -am 'Add some feature')
  4. Push to the branch (git push origin my-new-feature)
  5. Create a new Pull Request

License

2021-2024 Copyright by Josua Schmid, published under the AGPL license