Skip to main content
GhostPaste

Security Architecture

A technical deep dive into how GhostPaste keeps your code private

Zero-Knowledge Architecture

GhostPaste implements true zero-knowledge encryption. This means we have zero ability to access your plaintext data, zero knowledge of your encryption keys, and zero way to comply with requests to decrypt your data.

What You Can See

  • Your original code and files
  • The encryption/decryption key
  • When and how to share
  • Complete control over your data

What We Can't See

  • Your unencrypted code
  • Your encryption keys
  • What your paste contains
  • Who you share with

Encryption Implementation

Encryption Flow

1

Key Generation

A cryptographically secure random 256-bit key is generated using crypto.getRandomValues()

2

Client-Side Encryption

Your data is encrypted using AES-256-GCM with a unique IV for each encryption

3

Binary Format

Encrypted data is packed into a custom binary format with version info and file metadata. Enforces limits: 500KB/file, 5MB total, 20 files max

4

Server Storage

Only the encrypted blob is sent to and stored on our servers

5

Key in URL Fragment

The encryption key is placed in the URL fragment (after #) which never reaches any server

Cryptographic Details

Encryption Algorithm
AES-256-GCM (Galois/Counter Mode)
Key Size
256 bits (32 bytes)
IV Size
96 bits (12 bytes) - unique per encryption
Auth Tag Size
128 bits (16 bytes)

Infrastructure Security

Hosting
Cloudflare Workers (Edge Computing)
Storage
Cloudflare R2 (S3-compatible)
Transport
TLS 1.3+ enforced
DDoS Protection
Cloudflare automatic protection
Data Residency
Global edge locations

Password Protection & Authentication

GhostPaste offers optional password protection for your gists, allowing you to control who can edit or delete them. This feature uses industry-standard password hashing to ensure your password remains secure even if our servers are compromised.

How Password Protection Works

1

Password Creation

When you set a password, it's sent securely to our server where it's immediately hashed using PBKDF2-SHA256 with 100,000 iterations and a random salt

2

Secure Storage

Only the hash and salt are stored in our database. Your original password is discarded immediately after hashing

3

Edit Verification

When editing, your password is sent to the server where it's re-hashed with the same salt and compared against the stored hash

4

Zero Knowledge

We can verify your password without ever knowing what it is, maintaining zero-knowledge principles

Hashing Specifications

Algorithm
PBKDF2 with SHA-256
Iterations
100,000 (OWASP recommended minimum)
Salt Size
128 bits (16 bytes) of cryptographically secure random data
Hash Output
256 bits (32 bytes)
Password Requirements
4-20 characters with at least one letter and one number

Security Benefits

  • Brute-force resistance: 100,000 iterations make cracking computationally expensive
  • Rainbow table protection: Unique salts prevent precomputed attacks
  • Server compromise safety: Even if hashes leak, passwords remain protected
  • Zero-knowledge: We never see or store your actual password
  • Timing attack protection: Constant-time comparison prevents timing-based attacks

Password Best Practices

Use a unique password not used elsewhere

Consider longer passwords for sensitive data

Include numbers, letters, and symbols

Avoid common patterns (1234, password)

Don't reuse passwords from other services

Remember: password protects edits, not viewing

Data Retention & Cleanup

Automatic Expiration

  • All gists have mandatory expiration times (default: 7 days)
  • Encrypted data is permanently deleted after expiration
  • No data recovery possible after expiration
  • Metadata (size, timestamp) is also purged

View-Once Security

  • Gist is immediately deleted after first view
  • Perfect for sharing sensitive credentials
  • Prevents accidental re-access
  • Link becomes permanently invalid

Security Guarantees

End-to-End Encryption

Data is encrypted before leaving your browser and decrypted only in the recipient's browser

Forward Secrecy

Each paste uses a unique encryption key that's never reused

Authenticated Encryption

GCM mode ensures data integrity and authenticity

Browser Security & Privacy

What's Encrypted

  • All file contents and code
  • File names and descriptions
  • Programming language information
  • Number of files in gist

Visible Metadata

  • Gist ID and creation timestamp
  • Expiration time and view-once status
  • Encrypted blob size (but not content size)
  • Whether password protection is enabled

Browser Requirements

Modern browser with Web Crypto API support

JavaScript enabled for encryption/decryption

HTTPS required (enforced automatically)

Chrome 37+, Firefox 34+, Safari 11+

Mobile browsers with crypto support

Internet Explorer not supported

Threat Model

What We Protect Against

Server compromise - encrypted data remains secure

Network eavesdropping - TLS + client encryption

Legal requests - we cannot decrypt your data

Data breaches - only encrypted blobs exposed

Replay attacks - unique IVs and auth tags

Tampering - GCM authentication detects changes

Limitations

Compromised device: If your device is compromised, attackers can access decrypted data

Phishing: Always verify you're on ghostpaste.dev before entering passwords

Link sharing: Anyone with the complete link can decrypt - share carefully

Browser security: We rely on browser's WebCrypto implementation

Trust, but Verify

Don't just take our word for it. GhostPaste is fully open source, allowing you to:

Audit the Code

  • • Review our encryption implementation
  • • Verify no backdoors or data collection
  • • Check for security vulnerabilities
  • • Ensure keys stay client-side
View Source Code

Run Your Own Instance

  • • Deploy to your own infrastructure
  • • Control your data completely
  • • Customize for your needs
  • • Perfect for sensitive environments
Deployment Guide

Security Disclosure

Found a security vulnerability? We appreciate responsible disclosure.

Please review our security policy for responsible disclosure guidelines:

View Security Policy

We'll acknowledge your report within 48 hours and work with you to understand and resolve the issue quickly.

Security Through Transparency

Our code is open, our encryption is proven, and your data remains yours.