Dev Tools · 2h ago
Developer builds end-to-end encrypted pastebin where server can't read data
A developer created hidetext.sh, a pastebin that encrypts text in the browser before sending it to the server, using the Web Crypto API with AES-GCM. The encryption key is stored in the URL fragment, which is never transmitted to the server, ensuring zero-knowledge. The service also supports optional burn-after-read, though handling simultaneous reads required a simple first-fetch deletion approach.
Meridian48 take
While the technical implementation is sound, the real challenge for such services is trust and adoption, as users must rely on the client-side code being delivered without tampering.
Read the full reporting
How I built an end-to-end encrypted pastebin (and why the server can’t read your text) →
DEV Community
encryptionpastebin