compare secure pastebin available projects
Table of Contents
Requirements
- It must encrypt on the client side (js code) the contents before sending to the server. Server has no way of reading decrypted contents.
- Project must be actively maintained.
- Small footprint: we don’t want a whole complex JVM for such task.
- We can select expiry.
- We can set a password: The URL contains the key, if url is stolen, contents are readable. A password provides 2FA.
- Syntax highlighting is nice to have but mandatory
- Can we use from shell? like cli client
Candidates
| Name/URL | client-side encryption | maintained | language | expiry | password | syntax highlighting | cli client | comment |
|---|---|---|---|---|---|---|---|---|
| 0bin | aes256 | not actively, last commit Mar 2021 | js, python | yes | no | yes | no | seems abandonned: github comment says We cannot accept contributions for the moment, and will ignore PR. |
| paaster | aes356-cbc | yes, last commit 21.08.2022 | js, python | yes | no | yes | yes | documentation about client-side and server-side secrets are confusing somehow.. it copy-paste bin, not an editor |
| privatebin | aes256-gcm | yes actively | js, php | yes | yes | yes | no | QR code generation, file upload, discussions board |
| purritobin | yes | no, last commit 11 Apr 2021 | c++ | yes | no | no | yes | made for cli friendly and minimalistic |
0bin
It surely was an interesting project. However, the project seems nearly abandonned. There is no cli client. There is no password protection.
I do not recommend this project anymore.
Privatebin
Actively maintained project. Client-side is managed by javascript and server-side with PHP. Interesting features: password protection, QR code generation, discussion board, file attachments. No cli client is the missing feature.
Interesting to use for common case. Good project.
Paaster
Actively maintained project. Client-side is managed by javascript and server-side with Python. Interesting features: direct bin for copy-paste, no editing. API for client, expiry selection.
Recommended where cli client is of a good need. Fewer features than privatebin, but if cli client and API integration is your need, get this one.
Purritobin
Not really an active project, while a c++ server and client exist. Very minimalistic application, no password, no file attachment. json api exist for the client and encryption is optionnal.
Give a try but not actively developped is missing sign of evolution.