
Comment by scosman

5 days ago

I feel like I’d rather send “uuid:ciphertext” so the ciphertext never touches a server, but logically the security seems the same.

Hey. Only the ciphertext is stored on the server; the key never leaves your machine. The uuid:key format is just a pointer to the encrypted payload. Without the key, the server’s stash is useless. Zero-knowledge by design.

  • I feel like I'm being very stupid. If the key never leaves my machine, how do I share a secret?

    • When you run:

      npx enstash "my secret"

      Stasher performs everything locally:

      - Generates a random 256-bit encryption key
      - Encrypts your secret using AES-256-GCM
      - Sends only:
        - the ciphertext
        - the IV (initialization vector)
        - the auth tag
        - a randomly generated UUID

      The encryption key is never sent to the server. It never leaves your machine.

      You are then shown a single string:

      uuid:base64key

      - The uuid points to the encrypted stash on the server
      - The base64key is the encryption key you just generated
      - Only the person who has both parts can decrypt the secret

      How You Share the Secret

      You send the full uuid:base64key token to your recipient — over any channel you like, Slack or whatever.

      When they run:

      npx destash "uuid:base64key" on the token

      Stasher:

      - Fetches the encrypted stash using the uuid
      - Deletes it immediately (burn-after-read)
      - Decrypts it locally using the base64key
      - Shows the secret

      The server never sees the key. Not during upload or during retrieval.

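The flow described in the comment above, as an added example that is not part of the thread and is not Stasher's own code. It assumes an in-memory `Map` in place of the server and a 12-byte IV; the function names only mirror the CLI commands.

```javascript
// Added illustration of the flow described in the thread; not Stasher's source.
const { randomBytes, randomUUID, createCipheriv, createDecipheriv } = require('node:crypto');

// Hypothetical stand-in for the server: it only ever holds what the client uploads.
const server = new Map();

function enstash(secret) {
  const key = randomBytes(32);               // random 256-bit key, stays client-side
  const iv = randomBytes(12);                // 96-bit IV (assumed; the usual size for GCM)
  const cipher = createCipheriv('aes-256-gcm', key, iv);
  const ciphertext = Buffer.concat([cipher.update(secret, 'utf8'), cipher.final()]);
  const uuid = randomUUID();
  // Upload: ciphertext, IV, auth tag and UUID. The key is not part of the payload.
  server.set(uuid, { ciphertext, iv, tag: cipher.getAuthTag() });
  return `${uuid}:${key.toString('base64')}`; // token shown to the user
}

function destash(token) {
  const sep = token.indexOf(':');             // neither a UUID nor base64 contains ':'
  const uuid = token.slice(0, sep);
  const key = Buffer.from(token.slice(sep + 1), 'base64');
  if (sep < 0 || key.length !== 32) throw new Error('malformed token');
  const stash = server.get(uuid);
  if (!stash) throw new Error('stash not found or already read');
  server.delete(uuid);                        // burn-after-read: gone before decryption
  const decipher = createDecipheriv('aes-256-gcm', key, stash.iv);
  decipher.setAuthTag(stash.tag);
  // final() throws if the key is wrong or the ciphertext/tag was altered.
  return Buffer.concat([decipher.update(stash.ciphertext), decipher.final()]).toString('utf8');
}

// Returns true if fn throws; used to show the failure cases.
function fails(fn) { try { fn(); return false; } catch { return true; } }

function demo() {
  const token = enstash('my secret');         // constructed sample secret
  const [uuid, b64key] = token.split(':');
  const stored = server.get(uuid);
  const keyOnServer = Object.values(stored).some(b => b.equals(Buffer.from(b64key, 'base64')));
  const plaintext = destash(token);
  const secondRead = fails(() => destash(token));        // already burned
  const t2 = enstash('other');
  server.get(t2.split(':')[0]).ciphertext[0] ^= 1;       // simulate a modified stored blob
  const tampered = fails(() => destash(t2));             // GCM tag check rejects it
  return { plaintext, keyOnServer, secondRead, tampered };
}

console.log(demo());
```

Because the key travels inside the token, whatever channel carries `uuid:base64key` is the part that has to be trusted; the store only ever sees ciphertext, IV, tag and UUID.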

  • I'd recommend changing your tagline -

    > Share secrets from your terminal. One-time only. No accounts. No backend. No BS.

    A server sure sounds like a backend to me.

    • Yes, that's a fair comment technically speaking: Cloudflare Workers + KV + Durable Objects is a backend. I was trying to imply no user accounts, no persistent database, no stateful sessions, etc. I will reword - thanks for the feedback.