smol share is a service for sending short-lived encrypted snippets. it was initially created to faciliate sharing links between different personal devices in a private way.
shared data is encrypted with the user-provided password. the password can be very short thanks to using the PBKDF2-HMAC-SHA256 key derivation function (rounds=600000). this expands a short input (the password) into a longer encryption key. the data in turn is encrypted using AES-GCM with salt and IV generated anew for each encryption operation using a secure cryptographic random generator.
the password is never sent to the server but stays in the user's browser session. the encrypted data is stored on the server in-memory. all data is wiped when the server program shuts down or restarts.
visiting a share is done by receiving a share link or typing the small amount of characters representing the share name and the password.
before display, user input is sanitized using the well-regarded DOMPurify library. the scannable QR code is generated in the browser session without any external requests.
this service and website was made entirely by a person typing code and reading docs. reject corporate coding models, embrace your own agency.
title font bianzhidai pearl by xiaoyuan gao and body font sligoil micro by ariel martín pérez; background pattern by thomas loreille.