1
0
mirror of https://github.com/Tygs/0bin.git synced 2023-08-10 21:13:00 +03:00
0bin/README.rst

82 lines
3.1 KiB
ReStructuredText
Raw Permalink Normal View History

2020-08-15 14:24:46 +03:00
0bin: a client side encrypted pastebin
===========================================
2012-04-24 13:34:08 +04:00
2020-08-15 14:24:46 +03:00
0bin is a pastebin that encrypts the user content in the browsder and can run without a database.
2012-04-24 22:15:38 +04:00
* Try it: `0bin.net <http://0bin.net>`_
* `Report a bug <https://github.com/sametmax/0bin/issues>`_
0bin allows anybody to host a pastebin while welcoming any type of content to
be pasted in it. The idea is that one can (probably...) not be legally entitled
2014-10-19 11:34:44 +04:00
to `moderate the pastebin content`_ as they have no way to decrypt it.
2020-08-12 18:26:21 +03:00
It's an Python implementation of the `zerobin project`_, created by sebsauvage, under the `WTFPL licence`_.
2012-04-30 16:33:27 +04:00
2020-08-19 13:38:50 +03:00
To run zerobin, download zerobin.pyz from the latest release_ then:
2012-04-30 16:33:27 +04:00
2020-08-19 13:38:50 +03:00
::
2012-05-19 13:30:33 +04:00
2020-08-19 13:38:50 +03:00
python zerobin.pyz
0bin requires Python 3.7 or higher.
2020-08-19 13:41:39 +03:00
You may need to type :code:`py -3.7 zerobin.pyz` on Windows, or :code:`python3.7 zerobin.pyz` on Mac/Linux, depending on your configuration.
2020-08-19 13:38:50 +03:00
2020-08-19 13:41:39 +03:00
If you are familiar with the Python ecosystem, you can also :code:`python -m pip install zerobin --user` and run :code:`python -m zerobin` for the same effect.
2012-05-19 13:30:33 +04:00
2012-04-30 16:33:27 +04:00
How it works
=============
When creating the paste:
2012-05-21 00:21:33 +04:00
- the browser generates a random key;
2012-04-30 16:33:27 +04:00
- the pasted content is encrypted with this key using AES256;
- the encrypted pasted content is sent to the server;
2012-05-21 00:21:33 +04:00
- the browser receives the paste URL and adds the key in the URL hash (#).
2012-04-30 16:33:27 +04:00
When reading the paste:
- the browser makes the GET request to the paste URL;
- because the key is in the hash, the key is not part of the request;
2012-05-21 00:21:33 +04:00
- browser gets the encrypted content end decrypts it using the key;
- the pasted decrypted content is displayed and sourcecode is highlighted.
2012-04-30 16:33:27 +04:00
Key points:
- because the key is in the hash, the key is never sent to the server;
2012-05-21 00:21:33 +04:00
- therefore it won't appear in the server logs;
- all operations, including code coloration, happen on the client-side;
- the server is no more than a fancy recipient for the encrypted data.
2012-04-30 16:33:27 +04:00
Other features
======================
2020-08-14 19:15:45 +03:00
- automatic code coloration (no need to specify the language);
- pastebin expiration: 1 day, 1 month or never;
- burn after reading: the paste is destroyed after the first reading;
- clone paste: you can't edit a paste, but you can duplicate any of them;
- code upload: if a file is too big, you can upload it instead of using copy/paste;
- copy paste to clipboard in a click;
- own previous pastes history;
2020-08-14 19:15:45 +03:00
- reader mode;
2012-04-30 16:33:27 +04:00
Known issues
============
2012-05-16 11:15:14 +04:00
- 0bin uses several HTML5/CSS3 features that are not widely supported. In that case we handle the degradation as gracefully as we can.
2012-05-21 00:21:33 +04:00
- The pasted content size limit check is not accurate. It's just a safety net, so we think it's ok.
.. _moderate the pastebin content: http://www.zdnet.com/blog/security/pastebin-to-hunt-for-hacker-pastes-anonymous-cries-censorship/11336
.. _zerobin project: https://github.com/sebsauvage/ZeroBin/
2013-04-22 23:44:17 +04:00
.. _node.js: http://nodejs.org/
2012-05-22 14:49:12 +04:00
.. _is not worth it: http://stackoverflow.com/questions/201705/how-many-random-elements-before-md5-produces-collisions
2020-08-15 15:47:17 +03:00
.. _WTFPL licence: http://en.wikipedia.org/wiki/WTFPL
2020-08-19 13:38:50 +03:00
.. _release: https://github.com/Tygs/0bin/releases
Contributing
=============
2020-08-14 19:15:45 +03:00
We cannot accept contributions for the moment, and will ignore PR.