Secure Paste (Client-Side, Link Fragment)
Encrypt text locally in your browser with Web Crypto (AES-GCM) and share using URL hash fragments only.
Limitations & Safety Notes
- No backend storage: pastes are not saved on a server.
- No true burn-after-read, deletion, expiration, or view counts without backend state.
- Best for short sensitive snippets due to URL length limits.
- Encrypted payload is stored in the URL fragment (#...), which is not sent in normal HTTP requests.
- Share the passphrase via a separate secure channel.
About this tool
Secure Paste is a static, no-backend encryption utility for developers who need to share short secrets or snippets quickly. Encryption and decryption happen entirely in-browser using the Web Crypto API.
Common use cases
- Share one-time API tokens between teammates during troubleshooting.
- Pass short config snippets securely over chat using a separate passphrase channel.
- Exchange temporary lab credentials without storing plaintext on a server.
How it works
- You enter text and a passphrase in create mode.
- The browser derives an encryption key via PBKDF2 and encrypts with AES-GCM.
- Encrypted payload is encoded into the URL fragment for sharing.
- The recipient opens the link and decrypts locally using the passphrase.
FAQ
Is data uploaded to a server?
No. Only static assets are downloaded. Encrypted content remains in the URL fragment.
Can this guarantee self-destruct?
No. True deletion/expiration needs backend state. This tool intentionally avoids fake claims.
What if decryption fails?
Usually the passphrase is wrong or the link payload is incomplete/corrupted.
How the cryptography works
Secure Paste uses two Web Crypto API primitives chained together: PBKDF2 for key derivation and AES-GCM for encryption. Understanding what each one does explains both the security properties and the limitations.
PBKDF2 (key derivation): Your passphrase is not used as the encryption key directly — it is run through PBKDF2 with a random 16-byte salt and 100,000 iterations of SHA-256. This process is intentionally slow. The high iteration count means an attacker who captures the encrypted payload cannot brute-force short passphrases cheaply. The random salt ensures that two encryptions of the same passphrase produce different keys, so an attacker cannot precompute a rainbow table against your passphrases.
AES-GCM (encryption): The derived key encrypts your plaintext using AES-256-GCM with a random 12-byte initialization vector. GCM (Galois/Counter Mode) is an authenticated encryption scheme — it produces both ciphertext and a 16-byte authentication tag. When the recipient decrypts, AES-GCM checks the authentication tag first. If the passphrase is wrong, or if any byte of the payload was altered in transit, decryption fails with an authentication error before any plaintext is returned. This guarantees integrity alongside confidentiality.
The URL fragment model: The encoded payload (salt + IV + ciphertext + auth tag) is stored in the URL fragment — the part after the #. Fragments are never sent to servers in HTTP requests. When you share a Secure Paste link, the server hosting the tool receives a request for /secure-paste but never sees the encrypted content. The browser handles the fragment entirely client-side. This is the same mechanism that protects links in many end-to-end-encrypted sharing tools.
Threat model: what this protects and what it does not
Secure Paste is designed for a specific threat model: preventing a passive observer — a server log, a CDN, a network intermediary — from reading content you share via a URL. It is not designed to be a general-purpose secret management system.
Protected against: server-side exposure (the server never receives the plaintext or the encrypted payload), network interception of the fragment (fragments are not transmitted in HTTP requests), accidental link logging in server access logs, and payload tampering (the AES-GCM authentication tag causes decryption to fail if any byte of the ciphertext is modified).
Not protected against: Endpoint compromise — if the recipient's machine is compromised, the decrypted plaintext is visible in memory and in the browser. Passphrase interception — if you share the passphrase over an insecure channel (plaintext email, SMS), the security model collapses. Browser extension tampering — malicious extensions can read page DOM after decryption. Long-lived URLs — unlike a server-side secret store, there is no expiration mechanism. Anyone with the link and passphrase can decrypt indefinitely.
Passphrase strength matters more here than almost anywhere else. The PBKDF2 iteration count slows down brute-force attacks, but a four-word passphrase is meaningfully harder to crack than a six-character one. Use something you can communicate out-of-band — a voice call, a separate secure channel — rather than sending it in the same message thread as the link.
When to use Secure Paste vs other tools
Secure Paste is the right choice when you need to share a secret one-time value — an API key, a temporary credential, a sensitive config snippet — and you do not want to run server-side infrastructure to do it. It is particularly useful when the recipient is not on the same secrets manager, when the content is too sensitive for email but too short to warrant a full onboarding flow, or when you need something that leaves no server-side record.
It is not the right choice for secrets that need rotation, access revocation, or audit logs. If you need to know who accessed a secret and when, or if you need to expire a credential after first use, you want a server-side tool: HashiCorp Vault, AWS Secrets Manager, or a purpose-built one-time secret service. Those tools trade the "no server" property for lifecycle controls that Secure Paste cannot provide.
For related security analysis work, the CSP Analyzer helps you inspect Content Security Policy headers that govern what scripts run in browser contexts, and the JWT Decoder breaks down token claims without sending them to a server. If you are generating random identifiers alongside your secrets workflow, the UUID Generator produces cryptographically random v4 UUIDs client-side.
Related tools
- Hash Generator — generate a hash fingerprint to verify paste integrity
- JWT Decoder — inspect tokens before deciding what to share securely
- CSP Analyzer — check your browser security headers while testing the paste endpoint