How does temporar.io work?

We generate a random encryption key in the browser and we use it to encrypt the paste using AES-256 through the awesome sjcl library.

We then send the encrypted paste to the server through an AJAX request, which gives us a random address for the newly created paste (based on a UUID v4).

We then redirect to the given address using client-side JavaScript and append the encryption key to the URL after the hash (#). Thus, the address of a paste follows the pattern https://temporar.io/paste/<some random id>#<encryption key>

When you copy the URL and send it to someone, they click or paste the link into the browser.
The browser retrieves the encrypted data from the server using the random id contained in the URL.
Whatever is after the hash symbol (#) is not sent to the server and remains in the browser.
Therefore, the server never receives the decryption key and everything is decrypted directly in the browser.
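
The exchange described above, as an added example that is not temporar.io's own code. It assumes WebCrypto AES-256-GCM in place of sjcl, a Map in place of the server, and a base64url-encoded key in the fragment; all function names are hypothetical.

```javascript
// Added illustration, not temporar.io's code. AES-256-GCM (WebCrypto) stands in
// for sjcl, and the Map stands in for the server; both are assumptions.
const b64url = (bytes) => btoa(String.fromCharCode(...bytes))
  .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
const unb64url = (s) => Uint8Array.from(
  atob(s.replace(/-/g, '+').replace(/_/g, '/')), (ch) => ch.charCodeAt(0));
// Browsers expose WebCrypto as globalThis.crypto; older Node needs the import.
const getCrypto = async () =>
  globalThis.crypto ?? (await import('node:crypto')).webcrypto;

// Sender: encrypt locally, upload ciphertext only, put the key after '#'.
async function createPaste(text, server) {
  const c = await getCrypto();
  const rawKey = c.getRandomValues(new Uint8Array(32)); // 256-bit key
  const iv = c.getRandomValues(new Uint8Array(12)); // GCM nonce, stored with the paste
  const key = await c.subtle.importKey('raw', rawKey, 'AES-GCM', false, ['encrypt']);
  const ct = await c.subtle.encrypt({ name: 'AES-GCM', iv }, key,
    new TextEncoder().encode(text));
  const id = c.randomUUID(); // stands in for the UUID v4 the server returns
  server.set(id, { iv, ct: new Uint8Array(ct) });
  return `https://temporar.io/paste/${id}#${b64url(rawKey)}`;
}

// Recipient: only path + query go on the wire; the fragment stays local.
async function openPaste(link, server) {
  const c = await getCrypto();
  const url = new URL(link);
  const sentToServer = url.pathname + url.search;
  const { iv, ct } = server.get(url.pathname.split('/').pop());
  const key = await c.subtle.importKey('raw', unb64url(url.hash.slice(1)),
    'AES-GCM', false, ['decrypt']);
  const plain = await c.subtle.decrypt({ name: 'AES-GCM', iv }, key, ct);
  return { sentToServer, text: new TextDecoder().decode(plain) };
}

// Runs the whole exchange and reports what each side ended up holding.
async function demo(text) {
  const server = new Map();
  const link = await createPaste(text, server);
  const keyPart = new URL(link).hash.slice(1);
  const opened = await openPaste(link, server);
  // A wrong key fails the GCM tag check instead of yielding garbage.
  const badLink = link.replace(/#.*/, '#' + b64url(new Uint8Array(32)));
  const wrongKeyRejected = await openPaste(badLink, server).then(() => false, () => true);
  const storedFields = Object.keys([...server.values()][0]).join(',');
  return { ...opened, keyPart, wrongKeyRejected, storedFields };
}
```

`demo(text)` resolves to the decrypted text, the request target the server would see, and the fields the server stored, so the absence of the key on the server side can be checked directly.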

Is JavaScript encryption secure?

Many websites discuss the problems with cryptography in a browser, although the situation is getting better.
The main objection is that browsers and JavaScript can be tampered with too easily and don't provide a sound environment for cryptography.

Be aware that the goal of encrypting the data directly in the browser is to prevent the server hosting the data from knowing what it's hosting. You can't require someone to moderate content they cannot read.
In that way, the host is granted plausible deniability. At least, we hope ;)

So our goal is not to protect the user, but the server which hosts the data.
Remember that as a user, you should use our service the same way as an unencrypted and insecure pastebin, meaning, with caution.
Even if we try our best to secure everything between our servers and your browser, stay cautious of what you paste.

Why did you build temporar.io?

Temporar.io is nothing new. There are many other websites providing the same service such as:

Temporar.io is just another approach to the same ideas using Phoenix/Elixir and a dead-simple interface.