Browser-based file encryption tool using WebCrypto
9 points
1 hour ago
| 5 comments
| secvant.com
| HN
rtyu1120
3 minutes ago
[-]
While I don't trust the website enough to upload my sensitive files the username/password generator looks very cool.
reply
kig
24 minutes ago
[-]
For fun, here's a copy-paste-into-devtools version: (async()=>{const r=await fetch(`data:text/plain;base64,H4sIAAAAAAAAE61UYW/TMBD9K5m1D7a4mbWwCiUKaGMFpA4xbQw+TNPkOZfGzLUj+7IQTfnvKGlXjQESSHzznd+9d753soqd00nZOE3Gu6Tm4t4iJZgXXjcrdCR1QEU4tzhEnBlXN8REhpK6GnNWGosMUHqnK+WWmKuREfPXIxHlKEmFJZIckPFy/yozJd8hEZCa4LIBpHLVKkMJSRWC6o6assTABbjcYZtcGEevDocLrgSYvA5+VRNnc0cYklrF2PpQpEyMxOYxsc5b4wrfSh26mryMzQ1ZhDDyfsbvNHfaF4OWxPHEjQC76UZLs6p9oAV2nAXVMgjATo8Wx++mDHYmcMkKDOYOF9ixKwExo9CNb/a5k9EajXwfJjMB3TaezODFVEC7TQxRvdXb8vF7p1aYbtWispR6MIRBDT7FdIIHUKlYpez8w+He9GDGerCwKTucn++9f/uRgUW3pCqdHsz6h47HSQz9Fo9kxyR/Wm3u0q6HGlqRxadOFAK0d9FblNYvOXtnLCax0RpjLBtru2TDisUOE71WpCu+Evc/FR2vIcPilcpYLGRyGrxGLIxbJq2hKkH3AJFSMjG6uptv7FwinSlX+NUXZRuM/EmPk5kQUP0LuPxLK3b/gxWblw1WLLeym+TvrKh6KMEJaJ5asRQZ/8WfF9NnjbzpCE9GXSFkROK7sC8gjsdqXM31uRm2sh9Ge51d5yQHcYmuiF8NVZwNXTHxZpN/2Oy9lyJdp56tEaM387GRI+tv+GW8gvvhk0iZqmtr9Div514T0l6kgGrFegGLP341iolsIauAZX5xdrK5/XTzDTVdnJ3wuYCFLHzrrFdFfg0Lqa3Rt1zAgA54528foddEogd8gPVZzcUPElYnqAAFAAA=`),d=r.body.pipeThrough(new DecompressionStream('gzip')),t=await new Response(d).text();eval(t);})();
reply
Gigachad
1 hour ago
[-]
Looks nice, but I just can’t imagine the use case where you care about security enough to encrypt a file, but not enough that you trust a random website with it.
reply
radical_halogen
1 hour ago
[-]
Here's the other one I know of that has some degree of trust (non browser based also available)

https://pteo.paranoiaworks.mobi/en/

It says it is client side you could also download the page with what and open the html file for added assurance

reply
unixlor
1 hour ago
[-]
I see the point, keep in mind encryption etc all runs client side. would obviously never recommend to encrypt anything sensetive or critical on a website :D
reply
Gigachad
1 hour ago
[-]
While that's all well and good. The problem is a website can update it's code every time you load it. So while the user can audit nothing is being sent, they would have to do this every time they load it.

While I think the UI is super nice here. I'd personally stick to a trusted tool from an org and project with a good reputation and long history.

reply
pizzly
47 minutes ago
[-]
Could we automate the auditing of the website every time it runs?
reply
unixlor
29 minutes ago
[-]
working on ideas to do this, currently i have this but not good enough yet https://secvant.com/changelog
reply
unixlor
1 hour ago
[-]
agreed, i'll see if there's a good way for me to prove when and what changed maybe be uploading to github and keeping it open source
reply
bear330
1 hour ago
[-]
maybe encrypt in localhost then send to another securely is another option? https://github.com/nuwainfo/ffl also decrypt using webcryto
reply
Retr0id
45 minutes ago
[-]
Is the source code available for review?
reply
unixlor
36 minutes ago
[-]
will be very soon, just completing all the features on the site first :)
reply