SecretDrop.io

Public Encryption Link

lock

Files and messages encrypted with this link can only be decrypted with the private decryption link. Share this link.

Generating key on this device

Private Decryption Link

key

This link can only decrypt files and messages encrypted with the public encryption link above. Never share this link.

Generating key on this device

How this works?

This uses Elliptic-curve cryptography to exchange keys and Advanced Encryption Standard (AES) to encrypt the files and messages. The encryption link contains the public key. The decryption link contains the private key.

You might find these YouTube videos helpful:
Elliptic Curves - Computerphile
Secret Key Exchange (Diffie-Hellman) - Computerphile
AES Explained (Advanced Encryption Standard) - Computerphile

Wikipedia:
Elliptic-curve cryptography
Elliptic-curve Diffie–Hellman
Advanced Encryption Standard (AES)

How secure is this?

This uses Elliptic-curve cryptography to exchange keys, Elliptic-curve cryptography is also used in Bitcoin to authenticate the billion of dollars of transactions every day.

"the U.S. government uses it to protect internal communications, the Tor project uses it to help assure anonymity, it is the mechanism used to prove ownership of bitcoins, it provides signatures in Apple's iMessage service, it is used to encrypt DNS information with DNSCurve, and it is the preferred method for authentication for secure web browsing over SSL/TLS."

-A (Relatively Easy To Understand) Primer on Elliptic Curve Cryptography, CloudFlare

Advanced Encryption Standard (AES) is then uses to encrypt the files and messages. According to Wikipedia:

"Fifty supercomputers that could check a billion billion (10¹⁸) AES keys per second (if such a device could ever be made) would, in theory, require about 3×10⁵¹ years to exhaust the 256-bit key space." (3×10⁵¹ years is 3 sexdecillion years)

In addition everything is done in the browser. Nothing leaves your device and I do not collect any of your information. I don't even have a server that can process users information (can't afford one). Try disconnecting your device from the internet, this site would still work!

The source code for this website is publicly available on Github anyone can read it since I have nothing to hide.

Give me some of that juicy technical details.

Diagram of how SecretDrop.io works — Here is a diagram

Elliptic-curve Diffie–Hellman (ECDH) is used for both sides to establish a shared secret. I chose Curve25519 because it seems popular. The shared secret is then pass through PBKDF2 with 3000000 iterations (3000000 iterations takes around 1 second on my phone and laptop) and 16 bits of random data as salt to derive a 256 bit AES key. The message or file is then encrypted with AES-GCM. Other than the PBKDF2 key derivation operation, all other delays are artificially added. EC and AES are actually really fast. Besides PBKDF2, all other operations are done in less than a second on my laptop (other than large files for AES). When multiple files are encrypted, each file will have its own EC key pair.

Encryption links are of the form:
https://SecretDrop.io/encrypt/#key=[public key]

Decryption links are of the form:
https://SecretDrop.io/decrypt/#key=[private key]

Encrypted messages are of the form:

          
            +-------------+---------------+-----------------+
            | size (byte) | type          | description     |
            +-------------+---------------+-----------------+
            | variable    | string        | VersionCode     |
            +-------------+---------------+-----------------+
            | 1           | string        | "."             |
            +-------------+---------------+-----------------+
            | variable    | base64 string | EncryptedBuffer |
            +-------------+---------------+-----------------+

Encrypted files are of the form:

          
            +-------------+--------+-----------------+
            | size (byte) | type   | description     |
            +-------------+--------+-----------------+
            | 1           | uint8  | VersionCode     |
            +-------------+--------+-----------------+
            | variable    | buffer | EncryptedBuffer |
            +-------------+--------+-----------------+

VersionCode (uint8)

          
            +---------+--------------+
            | version | version code |
            +---------+--------------+
            | 1       | 1            |
            +---------+--------------+

EncryptedBuffer (all data are stored in big endian)

          
            +-------------+--------+------------------------+
            | size (byte) | type   | description            |
            +-------------+--------+------------------------+
            | 32          | uint32 | encrypter's public key |
            +-------------+--------+------------------------+
            | 16          | uint16 | key import salt        |
            +-------------+--------+------------------------+
            | 12          | buffer | iv                     |
            +-------------+--------+------------------------+
            | variable    | buffer | encrypted data         |
            +-------------+--------+------------------------+
            | 16          | buffer | authentication tag     |
            +-------------+--------+------------------------+