Tornote

Self-destructing notes written on Go with Stanford JS Crypto Library for client-side encryption/decryption.

Latest stable version deployed on https://tornote.herokuapp.com/

Security aspects

AES-256 encryption used with 27 bytes secret key (randomly generated on client).
All private data including secret not leaving a web-browser without encryption.
Server stored only anonymous encrypted data (without any reference to author or reader).
Note decrypted on the client-side via the SJCL and immediately deleted on server after reading.

If you have ideas to improve the our safety/security so far as possible please post the issue.

Configuration settings can be set with .env file or environment.

DATABASE_URL - Data source name (DSN) for PostgreSQL database.

SECRET_KEY - Server secret used for CSRF protection.

HTTPS_ONLY - HTTPS only traffic allowed (disabled by default).

Deploy to Heroku cloud:

Build and run locally with Docker:

git clone https://github.com/osminogin/tornote
docker build -t tornote .
docker run -p 8000:8000 -e DATABASE_URL=... -e SECRET_KEY=... tornote

Name		Name	Last commit message	Last commit date
Latest commit History 123 Commits
.github/workflows		.github/workflows
cmd/tornote		cmd/tornote
public		public
templates		templates
.dockerignore		.dockerignore
.gitignore		.gitignore
CHANGELOG.md		CHANGELOG.md
COPYING		COPYING
Dockerfile		Dockerfile
Makefile		Makefile
README.md		README.md
app.json		app.json
go.mod		go.mod
go.sum		go.sum
handlers.go		handlers.go
handlers_test.go		handlers_test.go
middleware.go		middleware.go
note.go		note.go
server.go		server.go
server_test.go		server_test.go