> returns a static HTML page showing a password prompt that you can now safely upload anywhere<p>Anywhere that you trust, and where the page is hosted securely. For example, a malicious hosting service could alter the password prompt. Or the page as a whole could be put in a frame with a transparent overlay.
Author here. I was wondering why I was seeing plenty of people from github on my meditation website so I checked HN, hi!<p>Happy to answer any question you might have, and feel free to offer feedback too.<p>(Last time this got posted to HN[1] was really productive in improving the project, thanks!)<p>[1] <a href="https://news.ycombinator.com/item?id=34849024">https://news.ycombinator.com/item?id=34849024</a>
Built the same thing, but with a slightly different focus: Have the result as small as possible, so assuming you can trust your browser you can audit the received HTML file prior to entering your password: <a href="https://github.com/dividuum/html-vault">https://github.com/dividuum/html-vault</a>
Similar project that supports files: <a href="https://github.com/mprimi/portable-secret">https://github.com/mprimi/portable-secret</a>
Reminds me of one of my projects:<p><a href="https://github.com/blackhillsinfosec/skyhook">https://github.com/blackhillsinfosec/skyhook</a><p>Round-trip encrypted file transfer. Uses WASM to decrypt files on the client side.<p>Aims to bypass IDS.
Similar (but also for a narrower use case with fewer features): <a href="https://github.com/sowbug/quaid">https://github.com/sowbug/quaid</a><p>It wraps a JS implementation of only the decryption side of GPG symmetric encryption, so there's less opportunity for the tool itself to introduce security errors.
I used this before and it was really decent, actually had it as a build step on some dev preview stuff. Only moved to basic auth because getting it to remember people through re-deploys was a faff so it became annoying when it wasn’t working (I’m aware it has a solution to this problem but it wasn’t really working for me easily)
Another interesting project allows you to do a similar thing with Hugo. I'm a bit nervous to use these myself but seems useful for some limited, non-serious use cases.<p><a href="https://github.com/Izumiko/hugo-encrypt">https://github.com/Izumiko/hugo-encrypt</a>
Nice project. There should be some project which standardizes a mechanism to do that that with a browser extension. This would make it possible to share websites without trusting the web hoster.
This is what I'm looking for: a way to put something in public (I'm using Vercel) that "only" me can access (anybody who can decrypt it doesn't need the content that I encrypt).