Passlocker — Secure Secret Sharing

About

Passlocker lets you share passwords, API keys, and sensitive notes via one-time, self-destructing links — with zero-knowledge end-to-end encryption.

🛡️ Zero-Knowledge E2EE
Your secrets are encrypted IN YOUR BROWSER using AES-256-GCM before they ever leave your device. The decryption key lives only in the URL fragment (#key) — it is NEVER sent to or stored on the server. Even the server administrator cannot read your secrets. This is the same zero-knowledge architecture used by PrivateBin and the former Firefox Send.

🔐 Key Features:
• End-to-end encrypted (AES-256-GCM) — client-side, in your browser
• Self-destructing links (limited views + time expiration)
• Optional password protection (Argon2 hashed)
• Right-click any selected text → instantly create a secure link
• Auto-copy to clipboard with in-page confirmation toast
• QR code generation for easy mobile sharing
• No accounts, no login, no tracking, no ads
• GDPR compliant — hosted in Germany (Hetzner)

🔗 How It Works:
1. Type or select a secret
2. Your browser encrypts it with AES-256-GCM (the key never leaves your device)
3. Only the ciphertext is sent to the server, wrapped in a second encryption layer (Fernet)
4. You get a link with the decryption key in the #fragment — never transmitted via HTTP
5. The recipient's browser decrypts client-side — the server never sees the plaintext
6. After viewing or expiration, the secret is permanently deleted

💡 Dual Encryption:
Layer 1: Client-side AES-256-GCM (zero-knowledge E2EE)
Layer 2: Server-side Fernet envelope (AES-128-CBC + HMAC-SHA256)

🖱️ Two Ways to Use:
• Extension popup: paste your secret, configure views/expiration, generate link
• Right-click context menu: select any text on a page → "Share via Passlocker"

🌐 Full integration with passlocker.busirus.com
Open-source backend available for self-hosting.

Privacy: No analytics, no cookies, no browsing data collected. See our privacy policy at https://passlocker.busirus.com/privacy