seguinleo/Bloc-notes
Bloc-notes

Bloc-notes is an encrypted, private and secure notebook.


Features

All notes, local or cloud, are encrypted with AES-256-GCM.

The user can save and edit notes, change their color, copy and export them, and write in Markdown/HTML. The user can create task lists, tables, links, code blocks, etc. The user can also search for notes or filter them by category.

The user can also sign in to sync all notes between their devices or browsers in a secure database. The user can also make a note public and share it via a random URL. No email is required, only a username and a strong password.

This website is a PWA (Progressive Web App), so the user can install it as an application. The Service Worker updates itself automatically.

Design

The website is fully responsive on mobile devices. The icons come from Fontawesome. The website is also accessible to people with disabilities thanks to high-contrast colors, ARIA attributes and focusable elements. A light/dark mode is also available, and the user can choose the accent color of the entire page.

Security and Privacy

The user's online sync session is maintained by a secure cookie. Passwords are hashed with the latest algorithms before being sent to the database.

Each user has their own randomly generated 32-byte encryption key and salt. Once logged in, the user can change their password or delete their account in accordance with the GDPR. Security measures are in place against XSS, CSRF, SSRF, SQL injection, etc.

Bloc-notes stores the username, hashed password, and encrypted notes in a secure database until the user deletes this data themselves. Only the user has access to the content of their encrypted notes. The website publisher disclaims any responsibility for the content of user notes.

The user can use biometrics to unlock notes. Biometric data is stored in the browser's local storage and is never sent to the server.

Warning

Never store passwords or highly personal data in your notes, regardless of the service, even if it is encrypted.

Todo

  • 2FA login
  • Password protected notes
  • Markdown plugins

Community

If you find issues, vulnerabilities or if you have any suggestions to improve this project, feel free to discuss!

For developers


Documentation: MDN Web Docs, OWASP, PHP Delusions

JavaScript libraries: DOMPurify and Marked (modified for checkboxes and crossorigin images)

Self-hosting

Run `docker-compose up --build -d` to build and start the Docker container.

Important

The website is then available at localhost:8787. If you want to deploy it on a server with a domain name or an IP address, you need to install an SSL/TLS certificate, because note encryption depends on the Web Crypto API, which browsers only expose over HTTPS. Change all users, passwords and Docker configuration values before going to production.

Desktop preview