CryptoPaste is a secure pastebin service inspired by CryptoBin. Like CryptoBin, CryptoPaste strives to be a secure, stable and clean pastebin service, especially now that CryptoBin has seemingly shut its doors indefinitely. The goal is to perform all encryption, decryption, and data handling in the user's browser so that the CryptoPaste host has both plausible deniability and the inability to comply with court orders or takedown requests.
CryptoPaste is a HackThisSite project.
- Pastes are encrypted before being sent to the server
- No passwords stored
- All identifying information is anonymized
- Expired content is deleted forever
- CRON for enforced expiration
An active demonstration of CryptoPaste can be found at https://cryptopaste.org
- (Need Help!) Write legitimate testing
- (Need Help!) Tidy up all code
- (Need Help!) Fix the UI to have better responsive scaling and other improvements
- PHP 7
- Composer
- MySQL or SQLite
- Clone or download this repository, then
cd
into the directory, and run
$ composer install
-
Install
resources/cryptopaste.mysql.sql
into your MySQL database and create a user with SELECT, INSERT, UPDATE, and DELETE grants- For SQLite, use the
resources/cryptopaste.sqlite.sql
file
- For SQLite, use the
-
Copy
config.ini.example
toconfig.ini
and edit the values -
Edit your
nginx.conf
and add this to yourhttp
block:
map $remote_addr $ip_anonym1 { default 0.0.0; "~(?P<ip>(\d+)\.(\d+)\.(\d+))\.\d+" $ip; "~(?P<ip>[^:]+:[^:]+):" $ip; } map $remote_addr $ip_anonym2 { default .0; "~(?P<ip>(\d+)\.(\d+)\.(\d+))\.\d+" .0; "~(?P<ip>[^:]+:[^:]+):" ::; } map $ip_anonym1$ip_anonym2 $ip_anonymized { default 0.0.0.0; "~(?P<ip>.*)" $ip; } log_format anonymized '$ip_anonymized - $remote_user [$time_local] ' '"$request" $status $body_bytes_sent ' '"$http_referer" "$http_user_agent"'; access_log /var/log/nginx/access.log anonymized;
- In your
nginx.conf
, in theserver
block, this is all you need to run the CryptoPaste app:
location ~ /securimage/(images/.*|securimage(_play\.swf|\.js|\.css))$ { try_files $uri $uri/ =404; alias /var/www/cryptopaste/vendor/dapphp; } location / { try_files $uri /index.php$is_args$args; } location ~ ^/index\.php(/|$) { fastcgi_pass unix:/var/run/php-fpm.sock; # Change this to reflect how your PHP-FPM is running fastcgi_split_path_info ^(.+\.php)(/.*)$; include fastcgi_params; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param PATH_INFO $fastcgi_script_name; fastcgi_param SERVER_NAME $host; }
- Add a CRON entry to force deletion of expired pastes. Here is an example crontab entry that is run every 5 minutes as the
www-data
user:
*/5 * * * * www-data /usr/bin/php /var/www/cryptopaste/src/cron.php >> /var/log/cryptopaste-cron.log
Any time you upgrade, you must make sure to flush the cache/twig/
folder of all content (minus the .gitignore
file, of course).
CryptoPaste is licensed under the GNU General Public License v3.0. More details are in the LICENSE file.
CryptoPaste uses the following technologies:
- Sensio Labs frameworks (Silex, Symfony components, Twig)
- Composer, phpUnit
- Client-side JavaScript libraries and frameworks:
- Bootstrap and jQuery
- AES encryption and password generation from the Stanford Javascript Crypto Library
- AES backward compatability by Moveable Type
- Syntax highlighting by Highlight.js
- Password strength testing by zxcvbn
- smoothscroll polyfill
- clipboard.js
- Travis-CI, CLA Assistant