|Noah Petherbridge 9736a10e2e More README||9 months ago|
WORK IN PROGRESS
This is a Go web app that lets you store a securely encrypted note that may be unlocked in the event of an emergency or untimely tragedy.
Basically you write a note and leave your e-mail address, and the note is encrypted using AES-256 with a very strong, randomly generated Diceware pass phrase. The server does not store your e-mail address or pass phrase anywhere in a recoverable form.
An example use case:
I want to make sure that, in case of an unexpected tragedy, my family is able to access my Password Manager vault to log into my accounts.
So I go and create a secure note on Dethnote. I enter my email address and write my note.
The server generates a strong, random Diceware passphrase and encrypts my note with it and tells me what the passphrase is.
I write it down on a piece of paper that I put in my wallet: “In case of emergency, visit <dethnote url> and enter this password:”
If something happens and somebody finds the paper and enters the password, I get an e-mail notifying me that the password has been used and that I have 72 hours to respond. If I don’t answer, I am presumed dead and the secure note will be decrypted.
If I got mugged and my wallet was stolen, no big deal: I can just go and re-encrypt with a new password at my earliest convenience. Even if the criminal tried to decrypt my note, I have 72 hours to prevent it from being unlocked.
As the end user who wants to create an encrypted note:
Now you may log out. The next time your password is entered, the program will enter the Decryption Routine.
After your email is verified, if somebody (or you) goes to open the message up by providing the password, the app will enter the Decryption Routine on that message.
After a note is decrypted, the user viewing it may take actions on it:
Literally everything about the note is encrypted.
The bcrypt+SHA256 hash serves as the key for AES-128 in CBC mode which is used to encrypt the contents of the data files.
On disk there are two files stored with every note:
meta.bin is an AES-256 encrypted JSON document that stores the metadata about the note: the owner’s email address, verified email status, the bcrypt hash of the Diceware password, etc.
message.bin is an AES-256 encrypted plain text document that stores the actual body of the message you have written.
When the web app is dealing with the encrypted note after it received the
password (or generated the new one for new notes), it only deals with
meta.bin while it’s trying to validate email addresses and run through
the Decryption Routine. This way the plain text of your message is rarely
ever in the application’s working memory.
Only when access has been fully granted to decrypt the message will the
message.bin file be opened.
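The file encryption described above, as an added example that is not Dethnote's own code. It assumes the AES key is the SHA-256 digest of the stored password hash string, a random IV prepended to each file, and PKCS#7 padding; `blockFor`, `seal` and `open` are hypothetical names and the sample values are constructed.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// blockFor keys AES with SHA-256 of the password hash (assumed reading of "bcrypt+SHA256").
func blockFor(passwordHash string) cipher.Block {
	key := sha256.Sum256([]byte(passwordHash))
	block, _ := aes.NewCipher(key[:]) // always 32 bytes: cannot fail, selects AES-256
	return block
}

// seal returns IV || AES-CBC(PKCS#7(plain)), drawing a fresh random IV per file.
func seal(passwordHash string, plain []byte) ([]byte, error) {
	n := aes.BlockSize - len(plain)%aes.BlockSize
	padded := append(append([]byte{}, plain...), bytes.Repeat([]byte{byte(n)}, n)...)
	out := make([]byte, aes.BlockSize+len(padded))
	if _, err := rand.Read(out[:aes.BlockSize]); err != nil {
		return nil, err
	}
	cipher.NewCBCEncrypter(blockFor(passwordHash), out[:aes.BlockSize]).CryptBlocks(out[aes.BlockSize:], padded)
	return out, nil
}

// open reverses seal. CBC has no integrity check: a wrong key normally fails
// the padding test, but about 1 time in 256 it returns garbage with no error.
func open(passwordHash string, data []byte) ([]byte, error) {
	if len(data) < 2*aes.BlockSize || len(data)%aes.BlockSize != 0 {
		return nil, fmt.Errorf("malformed file")
	}
	pt := make([]byte, len(data)-aes.BlockSize)
	cipher.NewCBCDecrypter(blockFor(passwordHash), data[:aes.BlockSize]).CryptBlocks(pt, data[aes.BlockSize:])
	n := int(pt[len(pt)-1])
	if n < 1 || n > aes.BlockSize || !bytes.HasSuffix(pt, bytes.Repeat([]byte{byte(n)}, n)) {
		return nil, fmt.Errorf("bad padding: wrong password or corrupted file")
	}
	return pt[:len(pt)-n], nil
}

func main() {
	data, _ := seal("constructed-hash", []byte(`{"email":"owner@example.com"}`))
	pt, err := open("constructed-hash", data)
	fmt.Printf("%s %v\n", pt, err)
}
```

Because CBC carries no authentication, a modified `meta.bin` or `message.bin` can also decrypt without error; an authenticated mode such as AES-GCM would reject it.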
The admin of the web server has zero visibility into any of the data in the service.
This service relies heavily on a reliable e-mail server for sending out verification e-mails, Decryption Routine warning e-mails, and so on.
But this is the real world and web servers aren’t always reliable.
On the web, the service will naturally self-test the e-mail system: before you can decrypt a note, you have to verify an e-mail address. This ensures that the e-mail system is working, so that when the Decryption Routine begins, it will be able to send an e-mail to the note owner.
But I mainly wrote this service for myself, and so it has an “Offline Mode” that works in absence of a running web server or e-mail configuration.
My web server backs up to my desktop PC at home, and so there will always be a copy of this application and its database of encrypted notes there. The command line interface of the program allows you to immediately decrypt and open a note that you have a password for. Example:
    # Open a note with this password:
    % dethnote -open "viewable require broom taunt spoiled"
    Here is the contents of the note!
Note that this doesn’t change any of the security considerations of the service. The passwords are still just as hard to brute force. All this “offline mode” does is bypass the need for e-mail validation and minimum timeouts before opening notes.