Comments (3)
- cannot create a new paste using the same
initVector
That is intentional. https://crypto.stackexchange.com/a/28980 states that the initVector can be public, but must be unique. There's a check on the server side that only allows for unique initVectors.
However, it should not return Internal Error
. I will fix the error message.
- meaning of
encrypted
andpasswordProtected
It seems like on the API side,encrypted
andpasswordProtected
have no effect on enhancing data security, cause it always return full information of a paste.
encrypted
and passwordProtected
are just for indicating to the server that the data is encrypted with AES-256-GCM (and passwordProtected with SHA-512-PBKDF2 + 310,000 iterations). It is returning plaintext since you sent the data to the server in plaintext, and I do not want any sort of encryption to happen on the server side (since this might potentially allow someone to decode your message by storing the keys on the server. If you send encrypted: true
, it is your job to encrypt the data and then send it.
To deal with this, I am making a simple CLI client (#5), using Python. I will also improve the API documentation.
from yabin.
- cannot create a new paste using the same
initVector
That is intentional. https://crypto.stackexchange.com/a/28980 states that the initVector can be public, but must be unique. There's a check on the server side that only allows for unique initVectors.
However, it should not return
Internal Error
. I will fix the error message.
What is the expected error message over here? I may resolve it @Yureien
from yabin.
Will "Not unique Initvector" work?
from yabin.
Related Issues (17)
- Does the plan support editing and custom paths? HOT 10
- Some Questions HOT 5
- Support for custom paths for paste HOT 1
- Dashboard for users HOT 3
- Forget password page HOT 2
- Improve overall code quality (refactoring) HOT 1
- Add CLI support for authentication
- Email Validation during registration blocks valid emails HOT 1
- Update documentation HOT 5
- Login page accessible even after login HOT 1
- Sending big file on docker deployment fails HOT 2
- Adapt UI to smaller resolutions HOT 3
- Option to disable anonymous pastes HOT 3
- Add a shell script HOT 1
- Burn after read & encryption problem HOT 1
- Database Compatibility Issues: MySQL and SQLite Not Supported as Claimed HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from yabin.