smol share is a service for sending short-lived encrypted snippets. it was initially created to faciliate sharing links between different personal devices in a private way.
shared data is encrypted with the user-provided password. the password can be very short thanks to using the PBKDF2-HMAC-SHA256 key derivation function (rounds=600000). this expands a short input (the password) into a longer encryption key. the data in turn is encrypted using AES-GCM with salt and IV generated anew for each encryption operation using a secure cryptographic random generator.
the password is never sent to the server but stays in the user's browser session. the encrypted data is stored on the server in-memory. all data is wiped when the server program shuts down or restarts.
visiting a share is done by receiving a share link or typing the small amount of characters representing the share name and the password.
before display, user input is sanitized using the well-regarded DOMPurify library. the scannable QR code is generated in the browser session without any external requests.
title font bianzhidai pearl by xiaoyuan gao and body font sligoil micro by ariel martín pérez; background pattern by thomas loreille.
this service and website was made entirely by a person typing code and reading docs. reject corporate coding models, embrace your own agency