Skip to content
This repository has been archived by the owner on Dec 27, 2023. It is now read-only.

ZeroBin

Jump to bottom
Sean McGregor edited this page Oct 21, 2012 · 9 revisions

Status and Overview

ZeroBin encrypts the content in the browser using Javascript before sending it to the remote server for storage. The decryption key is then added to the anchor of the URL before it is inserted into the host page. The anchor is never shared with the remote server, so it is never able to read the decrypted text. In order to read the content, users must have both the link, and the ciphertext.

We modified the ZeroBin application to work with the Privly URL Specification. It now places the ciphertext URL onto the anchor with the decryption key. This change removed ZeroBin's dependence on server rendering.

Once we finish refining the implementation via the Privly-Web content server, we will start packaging the application directly into the extensions.

For More Information:

Which Systems Have Access to What

We list which components have access to particular pieces of information below:

  • Content Server (Privly or similar party)
  • Ciphertext
  • Host Page
  • Link Key
  • Injectable Application - Posting
  • Cleartext
  • Link Key
  • Ciphertext
  • Injectable Application - Reading, non-permissioned
  • Link Key
  • Injectable Application - Reading, permissioned
  • Cleartext
  • Ciphertext
  • Link Key
  • Extension
  • Cleartext
  • Ciphertext
  • Link Key
  • Encryption Library
  • Nothing

Posting Process (Encryption)

This is the high level process for posting content by the content server.

  1. (User Action) The user types the content into the Posting Application, selects which identities they want to share with, and submits the form.
  2. The application generates a new symmetric key in Javascript, and encrypts the content with the key in Javascript.
  3. The application sends the encrypted content to the remote server.
  4. The content server then returns a URL for the content, to which the application adds the key in the anchortext before placing the link into the host page

Cryptography API Function Calls

  • None

HTTPS Requests

The following network requests will be made by the application:

  • Get user sharing lists and CSRF token
  • Post Ciphertext and sharing list

Viewing Process (Decryption)

This is the high level process for decrypting content by users who have permission to view the content.

  1. Request the ciphertext
  2. Decrypt the content with the link key attached to the anchor of the URL

Cryptography API Function Calls

  • None

HTTPS Requests

The following network requests will be made by the application:

  • Get Content

Foundation Home
Repository List
Development Mailing List
Testing Mailing List
Announcement Mailing List
Central Wiki
Submit a Bug
IRC
Download Extension
These documents are under active development and discussion.

Credit: This Google Summer of Code content is licensed under the CC Attribution-Noncommercial-Share Alike 3.0 Unported license furnished by the Sahana Software Foundation.

Injectable Applications

System Hierarchy

Specifications

Version List

Developer Guides

Security

Google Summer of Code

Clone this wiki locally