DedPaste: An End-to-End Encrypted Terminal Pastebin

If you have worked with me, you might have noticed that I enjoy working within the terminal. I guess it is safe to say that Cam and I share similar interests in this area. When Cam announced DedPaste, I knew I had to give it a spin.

If you haven't already read Cam's latest post about how he built DedPaste, you can find it here:

ChatGPT Just Became Garbage

In today's world of data breaches and privacy concerns, securely sharing sensitive information is more important than ever. Enter DedPaste, a command-line pastebin tool that offers powerful end-to-end encryption features. In this blog post, I'll walk you through getting started with DedPaste's encryption capabilities, ensuring your data remains private even as it travels across the internet.

Prerequisites

Before we begin, make sure you have:

  • Node.js version 15 or higher installed
  • Basic familiarity with the command line
  • A terminal application

Installation

Installing DedPaste is straightforward using npm (Node Package Manager), which comes bundled with Node.js:

npm install -g dedpaste

This installs the CLI globally, allowing you to use the dedpaste command from any directory on your system.

Exploring DedPaste Options

Let's first check what options are available with DedPaste. In your terminal, run:

dedpaste --help

This displays all available commands and options. For encryption-specific features, we're particularly interested in these commands:

  • keys - For key management operations
  • send - For creating and sending encrypted pastes
  • get - For retrieving and decrypting pastes

Setting Up Encryption Keys

Before creating encrypted pastes, you need to generate a key pair (a public key for encryption and a private key for decryption):

dedpaste keys --gen-key

This command generates a new RSA key pair and stores it in the ~/.dedpaste/keys/ directory:

  • Private key: ~/.dedpaste/keys/private.pem
  • Public key: ~/.dedpaste/keys/public.pem

You should see confirmation output similar to:

✓ Generated new key pair:
  - Private key: ~/.dedpaste/keys/private.pem
  - Public key: ~/.dedpaste/keys/public.pem
💡 Important: Keep your private key secure and never share it with anyone. If you lose your private key, you won't be able to decrypt your pastes.

Creating Your First Encrypted Paste

Now that you have your keys set up, let's create an encrypted paste. There are several ways to do this:

Method 1: Piping content from the command line

echo "This is my secret message" | dedpaste --encrypt

Method 2: Using a file

dedpaste --file /path/to/secret-file.txt --encrypt

Method 3: Interactive mode

For a more guided experience:

dedpaste send --interactive --encrypt

This opens an interactive menu that walks you through creating an encrypted paste.

When you create an encrypted paste, DedPaste performs the following actions:

  1. Generates a random symmetric key for AES-256-GCM encryption
  2. Encrypts your content with this symmetric key
  3. Encrypts the symmetric key with your public RSA key
  4. Combines everything into a secure format
  5. Uploads the encrypted data to the server

The server never sees your unencrypted content or encryption keys!

After creating your encrypted paste, you'll get a URL that looks like:

📋 https://paste.d3d.dev/e/AbCdEfGh

Notice the /e/ in the URL path - this indicates that the paste is encrypted.

Retrieving and Decrypting a Paste

To retrieve and decrypt a paste:

dedpaste get https://paste.d3d.dev/e/AbCdEfGh

DedPaste automatically detects that this is an encrypted paste (thanks to the /e/ in the URL) and uses your private key to decrypt it.

If you want to use a specific private key file:

dedpaste get https://paste.d3d.dev/e/AbCdEfGh --key-file /path/to/private.pem

Creating One-Time Encrypted Pastes

For extra security, you can create one-time pastes that are automatically deleted after being viewed once:

echo "This message will self-destruct after reading" | dedpaste --encrypt --temp

The --temp flag marks this as a one-time paste.

Advanced: Sharing Encrypted Messages with Friends

DedPaste also supports secure friend-to-friend encrypted messaging. Here's how to set it up:

  1. Each person generates their own key pair using dedpaste keys --gen-key

  2. Exchange public keys:

# Export your public key to share with a friend
dedpaste keys --export

  3. Add your friend's public key:

dedpaste keys --add-friend alice --key-file alice_public.pem

  4. Send an encrypted message to your friend:

echo "Secret message only for Alice!" | dedpaste send --encrypt --for alice

  5. When Alice receives the link, she can decrypt it using her private key:

dedpaste get https://paste.d3d.dev/e/AbCdEfGh


How the Encryption Works

Behind the scenes, DedPaste uses a hybrid encryption approach:

  1. RSA Asymmetric Encryption: For secure key exchange
  2. AES-256-GCM Symmetric Encryption: For efficient content encryption

This hybrid approach provides the security benefits of asymmetric encryption with the performance benefits of symmetric encryption. Each paste uses a different random symmetric key, which is then encrypted with the recipient's public RSA key.

Security Benefits

  • Zero Knowledge: The server never sees your unencrypted content or keys
  • Strong Encryption: Uses industry-standard AES-256-GCM
  • Client-Side Security: All encryption/decryption happens on your device
  • Key Privacy: Private keys never leave your device

Get Involved!

DedPaste is an open-source project that welcomes community contributions. If you're interested in helping improve DedPaste or have ideas for new features, here's how you can get involved:

  1. GitHub Repository: Visit https://github.com/anoncam/dedpaste to explore the code.
  2. Report Issues: Encountered a bug or have a feature request? Open an issue on the GitHub repository.
  3. Submit Pull Requests: Contributions are welcome! Whether it's fixing bugs, improving documentation, or adding new features.
  4. Share Your Use Cases: Let us know how you're using DedPaste in your workflow.

We're particularly interested in contributions that enhance the encryption features, improve user experience, or add support for additional platforms.

Conclusion

DedPaste's encryption features make it a powerful tool for securely sharing sensitive information. Whether you're sharing credentials with teammates, sending confidential data to clients, or just keeping your personal notes private, DedPaste's end-to-end encryption ensures that your data remains secure from prying eyes.

Oh, did I mention that you can self-host DedPaste?