On Friday I wanted to send access data to a customer. Since I only had an email address and a cell phone number (including WhatsApp contact), I was faced with the problem of how to securely send the access data to the customer.
Plain Email is a no-go. He doesn’t have a GPG key or keybase account either and pages of formatted data via Whatsapp is also rather uncool. It annoyed me that I didn’t have a fast way to send a note or formatted text in a secure way. In the end I packed the whole thing into a file, put everything in a ZIP (with password) and sent it via mail. The password was sent to him via WhatsApp. It worked, but I was not satisfied.
So I sat down and thought about how to do it better - and the result is https://fastcry.pt. fastcry.pt is a small webservice that is designed for that purpose: to transfer data fast and easy.
The whole thing works quite simple. If you open the page, you will see a small form. A textarea field and an (optional) “I choose my own password” field. In the textarea you just paste the text/message/note you want to send and that’s it. Just click on “Store” and the message will be stored on the server AES256 encrypted. If you insert a password into the password field, it will be used for encryption - otherwise the service generates a random password.
Once the data is encrypted and stored, the service generates a “Decryption URL”. This is unique and the only way to get to the note. The “Decryption URL” and password (if computer-generated) are then displayed again. As soon as you close the popup, everything is over. No way to get the information back.
Now you can take the “Decryption URL” and send it to the receipient customer. To be on the safe side, you should send the password again via a second channel. If the receipient opens the URL, a password is requested. If the correct password is entered, the decrypted note is displayed. As easy as that.
Simple, Fast, Secure
It was very important to me, that the whole thing is easy, fast and secure and I think I managed to do that. The URL is opened quickly. Basically you only have to put your text into the form, send it and you are done. The whole thing is completely anonymous. There is no database, there are no logs (except the logs at Cloudflare), there is no tracking. The data is encrypted via AES256 and the password is discarded. The service is only available via https:// and also when connecting between Cloudflare and my server only TLS is allowed.
Since this is meant for simple, quick notes, everything older than 30 days will be overwritten automatically with random data and then deleted.
So if you want to quickly exchange a note or something like that with somebody else, please try this service. It’s free and accessible for everyone.
I’ve made the project OSS as well, so you can host your own instance of fastcry.pt if you like. It’s on github. Fork it, use it, contribute.
Feedback is more than welcome.