"A client side encrypted PasteBin"
All pastes are AES256 encrypted, we cannot know what you paste...


How does Fragbin work?

A random key is generated and used to encrypt the paste, thanks to the sjcl JavaScript library.

The encrypted content is then sent to the server, which returns the address of the newly created paste.

The JavaScript code redirects to this address, but it adds the encryption key in the URL hash (#).

When somebody wants to read the paste, they will usually click on a link with this URL. If the hash containing the key is a part of it, Fragbin's JavaScript will use it to decrypt the content sent by the server.

The browser never sends the hash to the server, so the latter does not receive the key at any time.
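
The flow described above, as an added example that is not Fragbin's or 0bin's own code: it uses Node's built-in crypto module (AES-256-GCM) in place of sjcl so that it runs offline. The in-memory `server` object, the host name `paste.example` and the blob layout are assumptions made for illustration.

```javascript
// Added example: Node's built-in crypto (AES-256-GCM) stands in for sjcl.
const crypto = require('node:crypto');

// Hypothetical in-memory server: it stores ciphertext and logs request targets.
const server = { pastes: new Map(), requestLog: [] };

function serverCreate(blob) {
  const id = crypto.randomBytes(8).toString('hex');
  server.pastes.set(id, blob);
  return `https://paste.example/paste/${id}`; // constructed host name
}

function serverFetch(url) {
  // A browser sends path + query only; the fragment is not part of the request.
  const u = new URL(url);
  server.requestLog.push(u.pathname + u.search);
  return server.pastes.get(u.pathname.split('/').pop());
}

// Client side: encrypt with a fresh random key, upload, put the key in the hash.
function createPaste(plaintext) {
  const key = crypto.randomBytes(32); // 256-bit key, generated per paste
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  const blob = [iv, ct, cipher.getAuthTag()]
    .map((b) => b.toString('base64url')).join('.');
  return serverCreate(blob) + '#' + key.toString('base64url');
}

// Client side: take the key from the hash, fetch the blob, decrypt locally.
function readPaste(url) {
  const key = Buffer.from(new URL(url).hash.slice(1), 'base64url');
  const [iv, ct, tag] = serverFetch(url).split('.')
    .map((s) => Buffer.from(s, 'base64url'));
  // Throws if the key is missing or wrong, or if the blob was modified.
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, iv);
  decipher.setAuthTag(tag);
  return Buffer.concat([decipher.update(ct), decipher.final()]).toString('utf8');
}

const link = createPaste('constructed sample paste');
console.log(link, '->', readPaste(link));
console.log('server saw:', server.requestLog);
```

The request log holds only `/paste/<id>` entries, and a link shared without its `#...` part cannot be decrypted by anyone, the host included.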

But JavaScript encryption is not secure!

No, it isn't.

The goal of Fragbin is not to protect the user and their data (including, obviously, their secrets).

Instead, it aims to protect the host from being sued for the content users pasted on the pastebin. The idea is that you cannot require somebody to moderate something they cannot read - as such, the host is granted plausible deniability.

What if the server changes the JavaScript code? And what happens in the case of a MITM attack?

How did the idea of Fragbin emerge?

Fragbin is based on sebsauvage's work. The project sprang up as a reaction to the moderation system introduced on Pastebin, which was prompted by the significant amount of illegal content pasted on it or linked from it.

How can I host my own Fragbin/0bin?

0bin is an open-source project, and the code is hosted on GitHub. You can either download a tarball or clone the repository.