cryptgeon is a secure, open source note or file sharing service inspired by PrivNote.
🌍 If you want to translate the project feel free to reach out to me.
Thanks to Lokalise for providing free access to their platform.
Check out the demo and see for yourself https://cryptgeon.nicco.io.
- server cannot decrypt contents due to client side encryption
- view or time constraints
- in memory, no persistence
- obligatory dark mode support
How does it work?
Each note has a generated id (256bit) and key (256bit). The id is used to save & retrieve the note. The note is then encrypted with AES in GCM mode on the client side with the key and then sent to the server. Data is stored in memory and never persisted to disk. The server never sees the encryption key and cannot decrypt the contents of the notes even if it tried to.
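The flow described above, sketched with the Web Crypto API as an added example (not cryptgeon's own code). The function names, the payload layout, the `Map` standing in for the memory store, and generating the id on the storing side are assumptions.

```javascript
// Added example. Function names, payload layout and the Map store are assumptions.
async function getCrypto() {
  // Browsers expose Web Crypto only in secure contexts (HTTPS); older Node needs the import.
  return globalThis.crypto ?? (await import('node:crypto')).webcrypto;
}
const toHex = (bytes) => Array.from(bytes, (b) => b.toString(16).padStart(2, '0')).join('');

// Client: encrypt under a fresh 256-bit key. Only { iv, ciphertext } is sent to the server.
async function encryptNote(plaintext) {
  const c = await getCrypto();
  const key = await c.subtle.generateKey({ name: 'AES-GCM', length: 256 }, true, ['encrypt', 'decrypt']);
  const iv = c.getRandomValues(new Uint8Array(12)); // 96-bit nonce, fresh for every note
  const data = new TextEncoder().encode(plaintext);
  const ciphertext = new Uint8Array(await c.subtle.encrypt({ name: 'AES-GCM', iv }, key, data));
  return { key, payload: { iv, ciphertext } };
}

// Client: decrypt() rejects if the key is wrong or the stored bytes were altered (GCM tag).
async function decryptNote(key, { iv, ciphertext }) {
  const c = await getCrypto();
  const plain = await c.subtle.decrypt({ name: 'AES-GCM', iv }, key, ciphertext);
  return new TextDecoder().decode(plain);
}

// Server stand-in: memory only, indexed by a random 256-bit id, with a view limit.
const store = new Map();
async function saveNote(payload, views = 1) {
  const id = toHex((await getCrypto()).getRandomValues(new Uint8Array(32)));
  store.set(id, { payload, views });
  return id;
}
function fetchNote(id) {
  const entry = store.get(id);
  if (!entry) return null;
  if (--entry.views <= 0) store.delete(id); // last permitted view removes the note
  return entry.payload;
}

async function demo() {
  const { key, payload } = await encryptNote('constructed sample secret');
  const id = await saveNote(payload, 1);
  const fetched = fetchNote(id);
  const text = await decryptNote(key, fetched);
  const otherKey = (await encryptNote('x')).key; // a key the note was not encrypted with
  const wrongKeyRejected = await decryptNote(otherKey, fetched).then(() => false, () => true);
  return { idBits: id.length * 4, text, wrongKeyRejected, secondView: fetchNote(id) };
}
```

The store only ever holds the IV and ciphertext, so reading its memory yields nothing usable without the key that stayed on the client.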
||Memcached URL to connect to.|
||Max size for body. Accepted values according to byte-unit|
||Maximal number of views.|
||Maximal expiration in minutes.|
||Allow custom configuration. If set to
HTTPS is required, otherwise browsers will not support the cryptographic functions.
Docker is the easiest way. There is the official image here.
```yaml
# docker-compose.yml
version: '3.7'

services:
  memcached:
    image: memcached:1-alpine
    entrypoint: memcached -m 128M -I 4M # Limit to 128 MB Ram, 4M per entry, customize at free will.

  app:
    image: cupcakearmy/cryptgeon:latest
    depends_on:
      - memcached
    environment:
      SIZE_LIMIT: 4M
    ports:
      - 80:5000
```

See the examples/nginx folder. There is an example with a simple proxy, and one with https. You need to specify the server names and certificates.
- External proxy docker network
- A certificate resolver
- A https entrypoint
- Domain name
```yaml
version: '3.8'

networks:
  proxy:
    external: true

services:
  memcached:
    image: memcached:1-alpine
    restart: unless-stopped
    entrypoint: memcached -m 128M -I 4M # Limit to 128 MB Ram, 4M per entry, customize at free will.

  app:
    image: cupcakearmy/cryptgeon:latest
    restart: unless-stopped
    depends_on:
      - memcached
    networks:
      - default
      - proxy
    labels:
      - traefik.enable=true
      - traefik.http.routers.cryptgeon.rule=Host(`example.org`)
      - traefik.http.routers.cryptgeon.entrypoints=secure
      - traefik.http.routers.cryptgeon.tls.certresolver=le
```

```bash
pnpm install
pnpm --prefix frontend install

# Also you need cargo watch if you don't already have it installed.
# https://lib.rs/crates/cargo-watch
cargo install cargo-watch
```
Make sure you have docker running.
If you are on macOS you might need to disable AirPlay Receiver as it uses port 5000 (So stupid...) https://developer.apple.com/forums/thread/682332

```bash
pnpm run dev
```
pnpm run dev in the root folder will start the following things:
- a memcache docker container
- rust backend with hot reload
- client with hot reload
You can see the app under localhost:1234.