once.REST links section
why?
Not so often, but there are situations when you want to share certain information or a file only once, guaranteed. For example, you may need to share a password or a unique link to a specific resource.
Perhaps you want to share the seed phrase of a cryptocurrency wallet. In such cases, it is not desirable to transmit such information openly through any (even secure) communication channel. Especially copying your seed phrase to some web service.
once.REST was designed as a service that fully implements the privacy-by-design concept. The information entered by the user is always encrypted on the client-side, and the token used to access the data is hashed. So, none of the service shards have access to the shared information itself, nor even the token used to make the request.
Additionally, once.REST fully supports secure browsers (like Tor), enabling anonymous usage. At the moment, the service does not even use CAPTCHA. The only limitation in the current version is that the size of the data should not exceed 32MB in unencrypted form.
quickstart
create microshare
open microshare
details
How does it work?
The once.REST microsharing service consists of two main components: the client-side (web application) and the shard database in the cloud. The client-side has no knowledge of the server-side details, and the server-side cannot access the data operated by the client-side, including the original request tokens. This ensures both user information and the service itself remain protected, as there is no way to know what is stored on the servers.
The client-side operates with three main parameters: the request token, encryption password, and user data (text or arbitrary file).
The request token can be any string with a length of at least 16 bytes. In automatic mode, a pseudorandom sequence of 21 bytes will be used as the token. The original request token is never transmitted to the server in plain text; it undergoes cascading hash functions.
The encryption password can be of arbitrary length (the longer and more complex, the better). In automatic mode, the password will be computed from the original token using the Determino scheme, where the original token serves as the master password. The encryption password never leaves the user's device.
Before encryption, the user data undergoes special preparation, including padding and mixing with a pseudorandom initialization vector, to avoid data homogeneity when using identical encryption passwords. Finally, the data is encrypted with a key derived from the original password, in a separate web worker on the client-side.
Optionally, the user can choose to save the creation time of the microsharing record (this parameter will also be encrypted along with the main data).
Optionally, a self-destruct timer for the record can be set in seconds.
The once.REST service also supports additional protection measures in public places, such as hiding the original token and the entered or displayed text data.
Upon successful and complete loading of data into the shard database, the user sees a link containing the original token. The data associated with this token can be retrieved exactly once using the once.REST web client. The data is completely and irreversibly deleted from all copies of the shard at the moment of the request. If any failure occurs during the data retrieval process or on the client-side, all data associated with that microsharing will be lost.
Options & Hints
Create archive options
⓪ Token
Arbitrary string with a minimum length of 16 bytes.
In automatic mode (checkbox selected by default), client generates 21 pseudorandom bytes or 42 characters in hexadecimal notation.
When selecting the "Hide token" checkbox, the text field will be replaced with a password input field, and in the case of automatic mode, the token will be regenerated.
The token is never transmitted to the server in its original form, only after cascading hashing.
① Encryption password
The password can be of arbitrary length, but it is recommended to use strong passwords with a minimum length of 18 characters.
In automatic mode (checkbox selected by default), the password is generated using the Determino scheme from the original request token.
② Date and Time
Optionally, you can save the creation date and time of the microshare record. This parameter will be encrypted along with the main data.
You can also optionally set a self-destruct timer for the record in seconds. If there is no access to the record within the specified time, the record will be permanently destroyed. This parameter is encrypted only with the service keys.
③ Data type
Choose the data type - either text data or an arbitrary file. The type of stored data is encrypted along with the main data.
For the "Text" data type, there is an option "Blur input" that applies blurring to the entered data in the text area.
For the "File" data type, in the current version of once.REST, the file name is not preserved.
④ Data
Depending on the selected data type, either a text input area or a file upload icon will be shown.
⑤ Share
Initiates the process of hashing, encrypting, and uploading to the shard. Upon success, the user sees a link generated on the client-side, through which they can access the microshared data.
Open archive options
⓪ Fetch
When a user clicks on the generated microshared link, they will see the "Fetch" button and a warning: clicking the "Fetch" button will initiate an irreversible process of deleting the microsharing record and retrieving the data.
If there is an error during data transmission or processing on the client-side, data recovery will not be possible.
① Encryption password [optional]
Optional input field for the encryption password used to create the microsharing record. It appears only if the client cannot decrypt the data using the automatically generated password from the original token.
② Decrypt [optional]
Initiates the process of decrypting the received data in case the client cannot decrypt the data using the automatically generated password from the original token.
At this stage, the encrypted data of the microsharing record is already fully on the client-side and permanently removed from the shard database of the service.
The number of decryption attempts is unlimited.