Send sensitive information, fully encrypted in the browser, key unknown by server.
This is a functional clone of http://sebsauvage.net/paste/
- super-minimal code footprint, all open source for review
- client side key generation and encryption of content
- transmit only encrypted data
- store only encrypted data
- stored data purged after TTL
web is an old-school minimalist single-page-app with as few dependencies as possible. (trying to reduce the security audit footprint)
gcp-functions is a very simple serverless function integrating firestore (next gen datastore) and exposing a minimal REST endpoint.
- build proof of concept client code, using window.crypto.subtle
- build basic GCP Function code to store/retrieve/manage data
- flesh out client code to provide basic functionality
- implement material design / make pretty
- refactor to PWA / make it fast