privateburn/README.md

# 🔥 SecureBurn
A ultra-minimalist, zero-dependency Node.js "PrivateBin" clone. It allows users to share encrypted secrets that self-destruct (burn) immediately after the first access.

# 🛡️ Security Model: Zero-Knowledge
Encryption: AES-256-GCM encryption happens entirely in the sender's browser.

Privacy: The decryption key is stored in the URL after the # symbol (the fragment identifier).

Blind Storage: Browsers do not send the URL fragment to the server. Therefore, the server only ever sees and stores encrypted binary data. It has no way to read your secrets.

Self-Destruction: The server deletes the encrypted file from the disk the moment it is streamed to a recipient.

# 🚀 Getting Started
## Prerequisites

Node.js (v16.0.0 or higher recommended)
No package manager (npm/yarn) is required.
For TLS put nginx or haproxy in front.

## Installation & Running

Clone or copy the two files (server.js and index.html) into a directory.

Start the server:

```Bash
node server.js
```
Access the UI: Open http://localhost:3000 in your browser.


# 🛠️ Configuration
The application is designed to be plug-and-play. You can modify the constants at the top of server.js:

PORT: The port the server listens on (default: 3000).

DATA_DIR: Where encrypted blobs are stored (default: ./data).

MAX_SIZE_BYTES: Maximum secret size (default: 10MB).

# 📋 Features
Zero Dependencies: Uses only native Node.js modules (http, fs, crypto, path).

10MB Capacity: Handles large text blocks or small files.

One-Click Copy: Generated links are automatically copied to the clipboard.

Mobile Friendly: Clean, responsive "Chat-style" UI.

Immediate Erasure: Uses fs.unlink to ensure the encrypted file is removed from the filesystem after one read.

# ⚠️ Important Notes
Persistence: Since it uses the file system, secrets will survive a server restart until they are burned.

HTTPS: To use the Web Crypto API (window.crypto), this app must be served over HTTPS in production (except for localhost).


# Todo
- example of how to use the api, including script to generate the encrypted file
- add some method to delete secrets that have not been accessed within a certain time frame.
- add some method to expiry secrets (e.g. when creating, maybe define how long they should be valid for)
- add progress indicator to UI
- add rate limited to make abuse harder?
engage 2026-01-15 13:38:02 +02:00			`# 🔥 SecureBurn`
			`A ultra-minimalist, zero-dependency Node.js "PrivateBin" clone. It allows users to share encrypted secrets that self-destruct (burn) immediately after the first access.`

			`# 🛡️ Security Model: Zero-Knowledge`
			`Encryption: AES-256-GCM encryption happens entirely in the sender's browser.`

			`Privacy: The decryption key is stored in the URL after the # symbol (the fragment identifier).`

			`Blind Storage: Browsers do not send the URL fragment to the server. Therefore, the server only ever sees and stores encrypted binary data. It has no way to read your secrets.`

			`Self-Destruction: The server deletes the encrypted file from the disk the moment it is streamed to a recipient.`

			`# 🚀 Getting Started`
			`## Prerequisites`

			`Node.js (v16.0.0 or higher recommended)`
			`No package manager (npm/yarn) is required.`
Update README.md 2026-01-16 11:07:41 +00:00			`For TLS put nginx or haproxy in front.`
engage 2026-01-15 13:38:02 +02:00
			`## Installation & Running`

Update README.md 2026-01-16 11:07:41 +00:00			`Clone or copy the two files (server.js and index.html) into a directory.`
engage 2026-01-15 13:38:02 +02:00
			`Start the server:`

			```Bash
			`node server.js`
			```
			`Access the UI: Open http://localhost:3000 in your browser.`


			`# 🛠️ Configuration`
			`The application is designed to be plug-and-play. You can modify the constants at the top of server.js:`

			`PORT: The port the server listens on (default: 3000).`

			`DATA_DIR: Where encrypted blobs are stored (default: ./data).`

			`MAX_SIZE_BYTES: Maximum secret size (default: 10MB).`

			`# 📋 Features`
			`Zero Dependencies: Uses only native Node.js modules (http, fs, crypto, path).`

			`10MB Capacity: Handles large text blocks or small files.`

			`One-Click Copy: Generated links are automatically copied to the clipboard.`

			`Mobile Friendly: Clean, responsive "Chat-style" UI.`

Update README.md 2026-01-16 11:07:41 +00:00			`Immediate Erasure: Uses fs.unlink to ensure the encrypted file is removed from the filesystem after one read.`
engage 2026-01-15 13:38:02 +02:00
			`# ⚠️ Important Notes`
			`Persistence: Since it uses the file system, secrets will survive a server restart until they are burned.`

			`HTTPS: To use the Web Crypto API (window.crypto), this app must be served over HTTPS in production (except for localhost).`


			`# Todo`
Update README.md 2026-01-16 11:07:41 +00:00			`- example of how to use the api, including script to generate the encrypted file`
engage 2026-01-15 13:38:02 +02:00			`- add some method to delete secrets that have not been accessed within a certain time frame.`
			`- add some method to expiry secrets (e.g. when creating, maybe define how long they should be valid for)`
Update README.md 2026-01-16 11:07:41 +00:00			`- add progress indicator to UI`
			`- add rate limited to make abuse harder?`