What is secureBin?

Google Chrome extension for interfacing securely with PasteBin.

Users can encrypt the plaintext and have it stored on PasteBin, where they can copy the link and key to send it to another user for decryption. First, users need to get an API key from PasteBin to post it onto PasteBin. Once the API key is added to the extension on the settings page, users can post their messages securely to PasteBin. To learn more about our project and the design decisions check out the Wiki page.

Goal

The goal of secureBin is to provide an extra level of privacy with 3rd party services you may use. We have natively integrated the PasteBin api to allow users to quickly upload and share encrypted text. Users also have the ability to encrypt text to their clipboard and share it with other 3rd party services like WhatsApp, Email, Etc.

Disclaimer

secureBin is not designed to protect against those with physical access to your computer. Due to the nature of extension storage in Chrome, any data that is stored in the extensions history or settings tab are stored unencrypted.

Security Overview

secureBin is build upon the open source Forge Crypto Library.

Encryption Modes

secureBin supports three modes of AES symmetric encryption:

  • CBC (Default)
  • CTR
  • GCM

Supported key lengths are: 128, 192, 256

Usage

When encrypting to PasteBin or Clipboard, users can select to enter their own password or receive a randomly generated encryption key. If a user supplies a password, it will be used along with a randomly generated 128 byte salt to derived a key using PKCS5/PBKDF2.

After Encryptions, the following cipher text will be generated and displayed to the user.

What is public?

  • Cipher Text
  • Encryption Mode
  • IV
  • Tag (Only with GCM Mode)
  • Salt (Only with Password Encryption)
  • Key Length (Only with Password Encryption)

What is private?

  • Key