Self-destructing notes written on Go with Stanford JS Crypto Library for client-side encryption/decryption.
Latest stable version deployed on https://tornote.herokuapp.com/
-
AES-256 encryption used with 27 bytes secret key (randomly generated on client).
-
All private data including secret not leaving a web-browser without encryption.
-
Server stored only anonymous encrypted data (without any reference to author or reader).
-
Note decrypted on the client-side via the SJCL and immediately deleted on server after reading.
If you have ideas to improve the our safety/security so far as possible please post the issue.
Configuration settings can be set with .env file or environment.
DATABASE_URL
- Data source name (DSN) for PostgreSQL database.
SECRET_KEY
- Server secret used for CSRF protection.
HTTPS_ONLY
- HTTPS only traffic allowed (disabled by default).
Deploy to Heroku cloud:
Build and run locally with Docker:
git clone https://github.com/osminogin/tornote
docker build -t tornote .
docker run -p 8000:8000 -e DATABASE_URL=... -e SECRET_KEY=... tornote
See COPYING