ansible/flaskpaste
1
0
Fork 0
forked from claw/flaskpaste
Code Pull Requests Activity

docs: update for encrypt-by-default CLI

Browse Source 
Update README.md, api.md, and error hints to reflect:
- encryption is now default (no -e flag needed)
- use -E/--no-encrypt to disable
- file path shortcut (fpaste file.txt)
This commit is contained in:
Username
2025-12-20 18:12:00 +01:00
parent ba29b6e319
commit a2c5a013ef
3 changed files with 20 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
README.md
View File

@@ -105,29 +105,30 @@ pip install cryptography
### Basic Usage
```bash
# Create paste from file
./fpaste create file.txt
# Create paste from file (encrypts by default)
./fpaste file.txt
# Returns: https://paste.example.com/abc123#<key>
# Shortcut: file path auto-selects "create" command
./fpaste secret.txt # Same as: ./fpaste create secret.txt
# Create paste from stdin
echo "Hello" | ./fpaste
# Create encrypted paste (E2E, zero-knowledge)
./fpaste create -e secret.txt
# Returns: https://paste.example.com/abc123#<key>
# Disable encryption (upload plaintext)
./fpaste -E file.txt
./fpaste create --no-encrypt file.txt
# Create burn-after-read paste (single access, auto-deletes)
./fpaste create -b secret.txt
./fpaste -b secret.txt
# Create paste with custom expiry (1 hour)
./fpaste create -x 3600 temp.txt
./fpaste -x 3600 temp.txt
# Combine options: encrypted + burn-after-read
./fpaste create -e -b secret.txt
./fpaste -b secret.txt
# Get paste content
./fpaste get abc12345
# Get encrypted paste (auto-decrypts if URL has #key fragment)
# Get paste content (auto-decrypts if URL has #key fragment)
./fpaste get "https://paste.example.com/abc123#<key>"
# Get paste metadata
@@ -142,12 +143,13 @@ echo "Hello" | ./fpaste
### End-to-End Encryption
The `-e` flag encrypts content client-side using AES-256-GCM before upload:
Content is encrypted by default using AES-256-GCM before upload:
- Key is generated locally and never sent to server
- Key is appended to URL as fragment (`#...`) which browsers never transmit
- Server stores only opaque ciphertext
- Retrieval auto-detects `#key` fragment and decrypts locally
- Use `-E` or `--no-encrypt` to disable encryption
This provides true zero-knowledge storage: the server cannot read your content.