Secure-drop lets users securely submit files and/or messages to specified recipients in the Ethereum Foundation via a web form, using PGP encryption performed client-side in the browser.
- The user writes a message and may select files for a selected recipient.
- The user's browser encrypts the content using OpenPGP.js with a public key of the recipient, before submitting the encrypted content to the server.
- The server uses its email delivery service to send the email to the intended recipient.
- The recipient receives the encrypted message/file, and can then decrypt it using their private PGP key.
Docker Compose.
- Sendgrid
- Google reCAPTCHA
- Make a fork of the repository.
- Set environment variables in the .env file, using the provided example.
- Customise the templates and code.
- Update public keys in static/js/public-keys.js.
- Deploy to your web server or K8s cluster.
If the server running the service were compromised, this could lead to severe issues: an attacker could change or add public keys and email addresses so that they can also read the encrypted messages.
A server operator should follow security best practices when setting up and operating the server running the service.
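One way an operator could detect the key and address tampering described above is to compare the deployed recipient list with a baseline kept off the server. This is an added example, not part of the secure-drop code; the object shape, the function names and the sample data are assumptions, and the real layout of static/js/public-keys.js may differ.

```javascript
// Added example, not secure-drop code. Assumed (hypothetical) shape of the
// recipient list: { id: { email, keys: [armoredPublicKey, ...] } }; the real
// layout of static/js/public-keys.js may differ.

// Normalise armor so line-ending or whitespace changes are not reported as a new key.
function normaliseKey(armored) {
  return armored.replace(/\r\n/g, '\n').split('\n')
    .map((line) => line.trim()).filter((line) => line.length > 0).join('\n');
}

// Compare the deployed list with a baseline kept off the server.
// Returns one finding per deviation; an empty array means no drift.
function auditRecipients(pinned, deployed) {
  const has = (obj, id) => Object.prototype.hasOwnProperty.call(obj, id);
  const findings = [];
  for (const id of Object.keys(deployed)) {
    if (!has(pinned, id)) {
      findings.push({ id, change: 'recipient-added' });
      continue;
    }
    if (pinned[id].email !== deployed[id].email) {
      findings.push({ id, change: 'email-changed' });
    }
    const want = new Set(pinned[id].keys.map(normaliseKey));
    const got = new Set(deployed[id].keys.map(normaliseKey));
    for (const k of got) if (!want.has(k)) findings.push({ id, change: 'key-added' });
    for (const k of want) if (!got.has(k)) findings.push({ id, change: 'key-removed' });
  }
  for (const id of Object.keys(pinned)) {
    if (!has(deployed, id)) findings.push({ id, change: 'recipient-removed' });
  }
  return findings;
}

// Constructed sample data: placeholder key bodies, not real keys or addresses.
const armor = (body) =>
  `-----BEGIN PGP PUBLIC KEY BLOCK-----\n\n${body}\n-----END PGP PUBLIC KEY BLOCK-----\n`;
const PINNED = {
  security: { email: 'security@example.org', keys: [armor('AAAA')] },
  legal: { email: 'legal@example.org', keys: [armor('BBBB')] },
};
const DEPLOYED = {
  // extra key next to the real one: mail would be readable by a second party
  security: { email: 'security@example.org', keys: [armor('AAAA'), armor('XXXX')] },
  // delivery address changed; key identical apart from CRLF line endings
  legal: { email: 'legal@example.net', keys: [armor('BBBB').replace(/\n/g, '\r\n')] },
};

console.log(auditRecipients(PINNED, DEPLOYED));
```

A replaced key is reported as a `key-added` and a `key-removed` finding for the same recipient. The check is only meaningful when it runs from a machine other than the server being audited.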
docker compose up
The server will listen on port 4200.