A no-database tool for sharing short secrets by link
Crate.cc has a secret-sharing tool for sending passwords, tokens, or short private text without storing the message in a database. The browser encrypts the text locally with AES-GCM before anything sensitive is handled by the server. The server’s is used to lock a small envelope that contains only the AES key and the expiration time.
The encrypted message and needed data are placed inside the . When the link is opened, the opens the small envelope, checks whether it has expired, locks the AES key again for the recipient, and clears its memory. If the link is too old, the server answers with 410 Gone.
The design aims to keep the actual secret text away from server storage and server memory, except for brief handling of key information.
Key points
- The private text is encrypted inside the browser before the server handles the link.
- The server only receives a small envelope with the AES key and expiration time, not the plain secret.
- The share link carries the encrypted data through the .
- The checks the time limit, prepares the key for the recipient, and clears memory afterward.
- Expired links return 410 Gone instead of revealing the secret.