fksvs/fisilti


Fisilti (Whisper)

Fisilti is a secure, ephemeral secret sharing platform built with Go and Vanilla JavaScript.

It allows you to send passwords, API keys, or sensitive text via a link that self-destructs immediately after being viewed once. Designed with a "Zero-Knowledge" architecture, the server never sees the plaintext data or the decryption keys.

Features

  • Zero-Knowledge Architecture: Encryption happens in the browser using the Web Crypto API. The decryption key is carried in the URL fragment (the part after #), which browsers do not include in HTTP requests, so it is never sent to the server.

  • Burn-on-Read: Secrets are permanently deleted from server memory the moment they are retrieved.

  • Double Encryption:
    1. Client Layer: AES-256-GCM (key generated by the browser)
    2. Server Layer: AES-256-GCM (key generated by the server on startup)

  • Ephemeral Storage: All data is stored in RAM. Restarting the server wipes all secrets instantly.

  • Secure Defaults: Enforces HTTPS/TLS to enable browser cryptography features.

  • Modern UI: Responsive design with automatic Dark/Light theme switching.

Architecture

Fisilti uses a Client-Side Encryption model to ensure privacy.

The Write Flow

  1. Client (Browser): Generates a random 32-byte ClientKey.

  2. Client: Encrypts the secret: AES-GCM(ClientKey, Secret).

  3. Client: Sends the Encrypted Blob to the server (via POST).

  4. Server: Encrypts the blob again using its internal MasterKey (Defense in Depth).

  5. Server: Stores the double-encrypted data and returns a random ID.

  6. Client: Constructs the final link: https://site.com/view/{ID}#{ClientKey}.

The Read Flow

  1. Recipient: Clicks the link. The browser sends GET /view/{ID} to the server.

    • Note: The browser does not send the #{ClientKey} part to the server.

  2. Server: Looks up the ID. If found, decrypts its layer (MasterKey) and returns the Encrypted Blob.

  3. Server: Immediately deletes the record from memory.

  4. Client: Reads #{ClientKey} from the address bar.

  5. Client: Decrypts the blob locally to reveal the secret.
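
The write and read flows above, end to end, as an added Go example (not the project's own code): both AES-256-GCM layers and the burn-on-read lookup run in one process, with the browser's Web Crypto step played by the same seal/open helpers. The names server, put, take, seal, open, rnd and gcm, the ID "id1" and the sample secret are assumptions made for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
	"sync"
)

func must[T any](v T, err error) T { // demo helper: abort on setup failure
	if err != nil {
		panic(err)
	}
	return v
}
func rnd(n int) []byte { b := make([]byte, n); must(rand.Read(b)); return b }
func gcm(key []byte) cipher.AEAD { return must(cipher.NewGCM(must(aes.NewCipher(key)))) }

func seal(key, msg []byte) []byte { // nonce || AES-256-GCM(key, msg), 32-byte key
	nonce := rnd(12) // fresh 96-bit nonce per message
	return gcm(key).Seal(nonce, nonce, msg, nil)
}

func open(key, box []byte) ([]byte, error) { // fails on wrong key or tampering
	if len(box) < 12 {
		return nil, fmt.Errorf("missing or truncated blob")
	}
	return gcm(key).Open(nil, box[:12], box[12:], nil)
}

type server struct { // hypothetical stand-in for the backend
	masterKey []byte   // created at startup, gone on restart
	mem       sync.Map // id -> double-encrypted blob, RAM only
}
func (s *server) put(id string, blob []byte) { s.mem.Store(id, seal(s.masterKey, blob)) }
func (s *server) take(id string) ([]byte, error) { // read steps 2-3: look up, burn, unwrap
	box, _ := s.mem.LoadAndDelete(id) // atomic, so concurrent GETs cannot both win
	blob, _ := box.([]byte)           // nil when the id is unknown or already burned
	return open(s.masterKey, blob)
}

func main() { // constructed sample run: one write, then two reads of the same link
	clientKey, srv := rnd(32), &server{masterKey: rnd(32)}
	srv.put("id1", seal(clientKey, []byte("hunter2"))) // write steps 1-5
	blob, _ := srv.take("id1")                         // read steps 2-3
	secret, _ := open(clientKey, blob)                 // read steps 4-5, key from the #fragment
	_, err := srv.take("id1")                          // second GET finds nothing
	fmt.Printf("%s | second read: %v\n", secret, err)
}
```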

Installation & Usage

Prerequisites

  • Go 1.21+ installed.

  • OpenSSL (for generating development certificates).

  • Docker (if you want to run the project as a container).

  1. Clone the Repository

    git clone https://github.com/fksvs/fisilti.git
    cd fisilti

  2. Generate SSL Certificates

Since the Web Crypto API requires a secure context (HTTPS), you must generate self-signed certificates for local development.

    mkdir certs
    openssl req -x509 -newkey rsa:4096 -keyout certs/key.pem -out certs/cert.pem -days 365 -nodes -subj '/CN=localhost'

  3. Run the Server

    go run cmd/main.go

  4. Access the Application

Open your browser and navigate to:

https://localhost:8080

Note: You will see a security warning because the certificate is self-signed. Click "Advanced" -> "Proceed" to accept it.

Building with Docker

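  1. Build the project

    docker build -t fisilti .

  2. Run the container

Generate the certificates first (see "Generate SSL Certificates" above); the command below mounts the local certs directory into the container.

    docker run -d -p 8080:8080 -v "$(pwd)"/certs:/app/certs:Z fisilti:latest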

Contributing

Pull requests are welcome. For bug fixes and small improvements, please submit a pull request. For major changes, please open an issue first to discuss what you would like to change.

License

This project is free software; you can redistribute it and/or modify it under the terms of the GPLv3 license. See LICENSE for details.

About

Share sensitive information securely.
