Looking for script to send AES encrypted, self-deleting messages (self-hosted)

Dear all,

I am looking for a self-hosted solution (Open Source) that does exactly the same as services like e.g. https://nachricht.co.

  • You write a message
  • The message gets encrypted (256 bit AES for example) and stored on the server
  • The script generates a link that you can give to someone else
  • That link shows the decrypted message and can only be opened once, the message gets deleted afterwards

Does anyone of you have a hint or idea for me where to look for something like this?

A million thanks & hugs in advance!
Amitz

Amitz, a very stable genius (it's true!) and Grand Rectumfier of the official LESLOS® (LES League of Shitposters).
Certified braindead since 1993 and still perfectly happy.

Thanked by (1)Offshore_Solutions

Comments

  • ehab (Content Writer)

    Amitz... why so serious... where have you been?

    Thanked by (1)Amitz
  • All good, just drowning in work and real-life issues... <3

    Thanked by (1)Ympker


  • ehab (Content Writer)

    normal life ... that's good.

    how is your ass health?

    Thanked by (1)Amitz
  • @ehab said:
    how is your ass health?

    Ah, let's not start with my health. But nothing is worse than previously, which is probably already a good thing! I hope the best for you and your ass, too! :)

    Thanked by (1)ehab


  • ehab (Content Writer)

    we are all good. don't forget we love you... visit us from time to time... we also need to part :+1: with you

    Thanked by (1)Amitz
  • SagnikS (Hosting Provider, OG)

    You can check out PrivateBin.

    Thanked by (2)Naix Amitz
  • @Amitz said:

    • You write a message
    • The message gets encrypted (256 bit AES for example) and stored on the server
    • The script generates a link that you can give to someone else

    These three are feasible through JavaScript. The browser generates a key via WebCrypto, uploads the encrypted message to the server, and then encodes the key in the link.

    • That link shows the decrypted message and can only be opened once, the message gets deleted afterwards

    This one cannot be done cryptographically.
    The server can delete the ciphertext file after it's been accessed, but there's no way to prove it's been deleted.
    Moreover, nothing prevents the viewer from copying the message, or using their camera to take a picture of the screen.

    Thanked by (2)Brueggus Amitz

    I have five ≥1GB, ≤$16/year KVM servers. Are you jealous?
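
The flow described in the reply above, as an added example that is not part of the thread and not PrivateBin's code: the sender's browser encrypts with WebCrypto AES-256-GCM and puts the key in the URL fragment, and an in-memory store deletes the ciphertext on first fetch. `BurnStore`, `createNote`, `openNote` and `paste.example` are assumed names, and the store object stands in for the HTTP upload and fetch.

```javascript
// Added example. BurnStore, createNote, openNote and paste.example are
// hypothetical names, not code from PrivateBin or nachricht.co.
const getCrypto = async () =>
  globalThis.crypto ?? (await import('node:crypto')).webcrypto;
const toB64u = (u8) => btoa(String.fromCharCode(...u8))
  .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
const fromB64u = (s) => Uint8Array.from(
  atob(s.replace(/-/g, '+').replace(/_/g, '/')), (c) => c.charCodeAt(0));

// Server side: holds only IV + ciphertext, in RAM, and hands each note out once.
class BurnStore {
  #notes = new Map();
  put(id, blob) { this.#notes.set(id, blob); }
  take(id) {                      // read and delete in one synchronous step
    const blob = this.#notes.get(id) ?? null;
    this.#notes.delete(id);
    return blob;
  }
}

// Sender's browser: encrypt locally, upload the ciphertext, build the link.
async function createNote(store, text, base = 'https://paste.example/') {
  const wc = await getCrypto();
  const key = await wc.subtle.generateKey(
    { name: 'AES-GCM', length: 256 }, true, ['encrypt', 'decrypt']);
  const iv = wc.getRandomValues(new Uint8Array(12));
  const ct = new Uint8Array(await wc.subtle.encrypt(
    { name: 'AES-GCM', iv }, key, new TextEncoder().encode(text)));
  const id = toB64u(wc.getRandomValues(new Uint8Array(16)));
  store.put(id, { iv: toB64u(iv), ct: toB64u(ct) });
  const rawKey = new Uint8Array(await wc.subtle.exportKey('raw', key));
  // Browsers do not send the #fragment in HTTP requests, so the key stays out
  // of the server's request log; anyone who obtains the full link can decrypt.
  return `${base}?${id}#${toB64u(rawKey)}`;
}

// Recipient's browser: fetch once, decrypt with the key from the fragment.
async function openNote(store, link) {
  const url = new URL(link);
  const blob = store.take(url.search.slice(1));
  if (!blob) return null;         // already opened, or never existed
  const wc = await getCrypto();
  const key = await wc.subtle.importKey(
    'raw', fromB64u(url.hash.slice(1)), { name: 'AES-GCM' }, false, ['decrypt']);
  const pt = await wc.subtle.decrypt(
    { name: 'AES-GCM', iv: fromB64u(blob.iv) }, key, fromB64u(blob.ct));
  return new TextDecoder().decode(pt);
}
```

Because `take` runs before decryption, a link with a damaged key still consumes the note.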

  • vyas (OG, Content Writer)
    edited March 18

    @Amitz said:
    Dear all,

    I am looking for a self-hosted solution (Open Source) that does exactly the same as services like e.g. https://nachricht.co.

    • You write a message
    • The message gets encrypted (256 bit AES for example) and stored on the server
    • The script generates a link that you can give to someone else
    • That link shows the decrypted message and can only be opened once, the message gets deleted afterwards

    Does anyone of you have a hint or idea for me where to look for something like this?

    A million thanks & hugs in advance!
    Amitz

    Only because you said million hugs...maybe this will help...

    https://github.com/dutchcoders/transfer.sh/


    You did mention self-hosted in the OP, but
    this one is a non-self-hosted SaaS:
    https://safenote.co/

    And

    https://bashupload.com/how_to_upload_file_to_server

    Thanked by (2)Not_Oles Amitz
  • +1 for PrivateBin (Demo).
    I like their dark theme, looks much nicer.

    Thanked by (2)Amitz Not_Oles
  • Ympker (OG, Content Writer)
    edited March 18

    @Amitz said:
    All good, just drowning in work and real-life issues... <3

    Sending love from Spain, my dude <3
    Hope things will get better soon for you :)

    No need to encrypt pics of your Bratwurst, though. We prefer decrypted ;)

    Thanked by (1)Amitz
  • Thank you all (including the million hugs) for your suggestions! <3

    I went with PrivateBin. I am aware of the cons and pros of such a solution and the limited added "security". But a good friend of mine loves to send his notes this way and I thought he would better do that on a server that I control and not on a server that some stranger is hosting on the internet.

    Again, thanks a lot and stay as beautiful as you are!

    Thanked by (3)Not_Oles Ympker Wolveix


  • willie (OG)
    edited March 18

    Wait, this puts the decryption key into a newly generated url. How do you transmit the url to the person? By email? I guess if someone else intercepts and uses it, at least the intended recipient will get a link that doesn't work, and figure that something is wrong.

    This seems fairly easy to implement using redis or simply in the memory of a running server process, so all the data is kept in ram rather than on disk. I'd do a few things slightly differently. But either way, the ram approach helps with secure deletion, but it means rebooting the system would wipe out any stored messages.

    You'd ideally want to use a dedicated server with swapping turned off. @Neoon mentioned Ikoula was hosting Raspberry Pi Zeros for 1€ per month. That's the cheapest dedi I've ever heard of and seems just about right for this application. I don't know if they still have that though.

    I wrote a script for secure key deletion that might be useful for this, some years back. If you want, I could try to find a copy and send it to you. It is written in Python with some hooks for storing a special key in a separate process or device.

    Keep in mind that you also want to protect the "metadata": the sizes and timestamps of the messages you are exchanging, and ideally the fact that you are communicating with the other person at all. The latter is quite hard, but I've for a while wanted to handle the sizes and timestamp issue with a simple chat script or maybe an irc client plug-in. Basically you and the other person would each leave the chat program running, and it would send (say) a 50 character packet every 5 seconds 24/7, that would contain either some encrypted text if you had typed something, or an encrypted header saying you hadn't typed anything. So to an outside observer your behaviour would look exactly the same (a packet of ciphertext every 5 seconds) whether you were typing or not.

    Thanked by (1)Amitz
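
The fixed-size packet idea from the post above, as an added example that is not code from the thread: every tick produces one AES-GCM packet of identical length whether or not anything was typed. The frame layout (one length byte plus zero padding), the function names and the random 12-byte IV are assumptions; the 5-second timer and the transport are left to the caller.

```javascript
// Added example; names and frame layout are assumptions, not code from the thread.
const FRAME = 50;                 // plaintext bytes per packet, as in the post

const getCrypto = async () =>
  globalThis.crypto ?? (await import('node:crypto')).webcrypto;

async function newKey() {
  const wc = await getCrypto();
  return wc.subtle.generateKey(
    { name: 'AES-GCM', length: 256 }, false, ['encrypt', 'decrypt']);
}

// Layout: byte 0 = payload length (0 means "nothing typed"),
// then the payload, then zero padding up to FRAME bytes.
function buildFrame(text) {
  const body = new TextEncoder().encode(text ?? '');
  if (body.length > FRAME - 1) {
    throw new RangeError('split long messages across several ticks');
  }
  const frame = new Uint8Array(FRAME);
  frame[0] = body.length;
  frame.set(body, 1);
  return frame;
}

// One packet per tick: 12-byte IV, then FRAME bytes of ciphertext + 16-byte tag.
async function sealTick(key, text) {
  const wc = await getCrypto();
  const iv = wc.getRandomValues(new Uint8Array(12));
  const ct = await wc.subtle.encrypt(
    { name: 'AES-GCM', iv }, key, buildFrame(text));
  const packet = new Uint8Array(12 + ct.byteLength);
  packet.set(iv, 0);
  packet.set(new Uint8Array(ct), 12);
  return packet;
}

// Returns the typed text, or null for an idle tick.
async function openTick(key, packet) {
  const wc = await getCrypto();
  const frame = new Uint8Array(await wc.subtle.decrypt(
    { name: 'AES-GCM', iv: packet.subarray(0, 12) }, key, packet.subarray(12)));
  const len = frame[0];
  return len === 0 ? null : new TextDecoder().decode(frame.subarray(1, 1 + len));
}
```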
  • @willie said:
    You'd ideally want to use a dedicated server with swapping turned off. @Neoon mentioned Ikoula was hosting Raspberry Pi Zeros for 1€ per month. That's the cheapest dedi I've ever heard of and seems just about right for this application. I don't know if they still have that though.

    I never said Ikoula is selling 1€ Pi Zeros; they sold RPi4 for 2.49€, which was a limited-time offer.
    Dataideas sold a 1$ Pi Zero, but it's also gone now.

    Thanked by (1)Amitz
  • Oh I got confused about the pi zero. Oh well. If you have a cheap dedi (kimsufi?) that you're using for some other purpose, this would be a good use for it too. Or if you can use client software that makes things easier too.

    Thanked by (1)Amitz
  • If you haven't found anything, this repo might help you find a self-hosted application: https://github.com/awesome-selfhosted/awesome-selfhosted#pastebins

    Thanked by (1)Amitz
  • mikho (Administrator, Hosting Provider, OG)

    @Amitz said:
    Dear all,

    I am looking for a self-hosted solution (Open Source) that does exactly the same as services like e.g. https://nachricht.co.

    • You write a message
    • The message gets encrypted (256 bit AES for example) and stored on the server
    • The script generates a link that you can give to someone else
    • That link shows the decrypted message and can only be opened once, the message gets deleted afterwards

    Does anyone of you have a hint or idea for me where to look for something like this?

    A million thanks & hugs in advance!
    Amitz

    https://privatebin.info/

    Thanked by (1)Amitz

    Get 4 or more NAT servers (mix/match between packages) and get a 20 % recurring discount. https://clients.mrvm.net

  • Privatebin looks cool but doesn't appear to do what was requested, namely delete the message after one viewing. I may try to code something like what I described above (permanently connected clients sending null messages every few seconds) but whenever I think about it, I get stopped by realizing that most users now are connecting with mobile phones rather than plugged-in computers, so they will be offline a lot of the time, and their connectivity patterns will leak the info that was supposed to be protected.

    Thanked by (1)Amitz
  • mikho (Administrator, Hosting Provider, OG)
    edited March 19

    @willie said:
    Privatebin looks cool but doesn't appear to do what was requested, namely delete the message after one viewing. I may try to code something like what I described above (permanently connected clients sending null messages every few seconds) but whenever I think about it, I get stopped by realizing that most users now are connecting with mobile phones rather than plugged-in computers, so they will be offline a lot of the time, and their connectivity patterns will leak the info that was supposed to be protected.

    There is the checkbox "burn after reading" that you can set when creating the note.
    I have a live site that you can test out. https://paste.mrvm.net/

    Thanked by (2)willie Amitz


  • Sounds like it is about "Perfect Forward Secrecy".

    Privatebin is not many opportunities to use, but it does not take many resources anyway.

    Thanked by (1)Amitz

    Be aware or Be next

  • Thanks to everyone who replied after my last post!
    As said, privatebin does the trick for me and is exactly what I was looking for. My friend is happy and now sending his "secret" messages through my server already. Again, thank you all and have a great rest of the week! <3

    Thanked by (3)jureve mikho Ympker


  • Mason (Administrator, OG)

    Hey Amitz, I really think you should check out privatebin... jk

    Glad you found your solution and you and your secret lover had a happy ending ;)

    Thanked by (2)Amitz Ympker

    Humble janitor of LES
    Proud papa of YABS

  • I use pigeons.
    Just sayin'...

    Mostly harmless ™
    I/O Gremlin

  • mikho (Administrator, Hosting Provider, OG)

    @bikegremlin said:
    I use pigeons.
    Just sayin'...

    We were not talking about food ;)


  • Pigeons are dual-use. ;)

