Client-side encryption

The password is encrypted in your browser using an industry standard AES 256 bit encryption and can only be decrypted using the special link you get in return.

Safe storage

We store the encrypted password and a half of the encryption key in our database. The other half (which we never see) is saved directly into the password link.

View once

When the password is viewed, the ciphertext and encryption key part are deleted from our database. Nobody will be able to see the password again.

When you submit the password for secure delivery first two 18 characters long random strings are generated - let's call them public and private encryption key parts. The password is then encrypted right in your browser using the Stanford Javascript Crypto Library (SJCL) using AES 256 bit in GCM mode. The actual encryption key used in the password encryption is a concatenation of the public and private encryption key parts. The public encryption key part is stored in the unique password link that your browser generates and is never seen by us. The private encryption key part is sent to our servers along with the ciphertext returned by SJCL.

Once the unique password link is accessed, our servers send the private encryption key part with the ciphertext and then the actual password is decrypted in the viewer's browser using the public encryption key part in the link and the private encryption key part from our database. After this our servers wipe the private encryption key part and the ciphertext from our database making the accessed password link completely void. Our servers will never see the public encryption key part because it is stored in the URL as a fragment identifier (#...). A browser does not send the fragment identifier to a server.

As the whole service uses HTTPS only, you can be sure that the password can not be seen by anyone else than those who have access to the original, unique password link. If, however, someone accesses the password link before the actual recipient, the link will show a message that the password has already been seen and actions should be taken. Notifications can also be sent when a password is viewed (read more about the additional features below).

All our servers are running in Finland and are thus following the strict privacy laws of Finland.

We deliberately have strict limits for the service usage for unregistered users. If you need raised usage limits or more features, consider creating a free account or subscribing to one of our paid plans.

List of stored passwords

Includes e.g. password ID, password description (if set), timestamp when viewed, IP address of the viewer. Actual passwords can't be shown, of course.

Password description

A description for the password to help distinguish it from other stored passwords.

Email notifications

An email will be sent to the specified address when the password is viewed. The IP address of the viewer will be included in the email.

Callback URL *

When the password is viewed, a HTTP POST request will be sent to the specified URL containing details about the event.

API*

Our simple HTTP API makes it very easy to integrate password.link into your own application.