Sneakernet Send 👟



Enter your private message into the box above then encrypt it.



Enter an encrypted message into the box above then decrypt it.

Output

FAQs

How do I protect a message?

If this is your first time here, configure your security key (see "First time here?" above) before proceeding:

  1. Type your message into the text box at the top of the page.
  2. Click the Protect Message button above.
  3. Complete the WebAuthn authentication with the security key you prepared earlier.
  4. Copy the encrypted text that appears in the Output box.
  5. Send your encrypted message and security key to the intended recipient however you want (but not together).

A protected message will look like this:

hx8n0vIjRG_LhHzkrr83icFjvv45K3zyN3MqKl_Q9UUWCn8x8CzEIHt5:PnZ4Q2GYaP9qyXS-:V776nkChBS2U1RU0-NtpMVYjLPN-NjfDIsc1oMH4p-gJ1SflxDBS6dcK4qy0ZcSq

Protected messages are encrypted using AES-256-GCM encryption.

Only the recipient of both the protected message and the security key can read a protected message!

How do I read a protected message?

  1. Paste the protected message into the text box at the top of the page.
  2. Click the Read Message button above.
  3. Complete the WebAuthn authentication with the security key that was used to protect the message.
  4. Read the original message that appears in the Output box.

What is going on behind the scenes?

If you want to dive into the technical weeds then check out this blog post of mine where I explore the "prf" extension and how it can be used for symmetric encryption key derivation:

https://blog.millerti.me/2023/01/22/encrypting-data-in-the-browser-using-webauthn/

How do I know you're not reading my messages?

Open your browser's dev tools and check out the Network tab; you'll see that no outbound network requests occur at any time.

You can also View Source in the browser or see the code on GitHub to make sure this site is on the up-and-up.

But why?

A dream, fulfilled...

I keep diving deeper and deeper into WebAuthn, spurred on by hacker fantasies in which sneakernet distribution of secure hardware authenticators is the only way to fight the corporations.

First time here?

This site uses WebAuthn's "prf" extension to perform end-to-end encryption, entirely in the browser, of the message you want to protect. No data leaves the browser.

You will need an OS and browser that support the "prf" extension, as well as an authenticator that supports the CTAP2 "hmac-secret" extension. For best results (as of mid-2023) try macOS Chrome 116, and a recent FIDO2 security key. OS, browser, and authenticator support is subject to change.

When you're ready, click the button below to set up your security key: