Skip to content
EasyToPaste

How EasyToPaste works

Private sharing that is provably private — not just promised.

The 20-second version

You type or pick a file. Your browser scrambles it with a strong encryption key. That key is baked into the link. We store only the scrambled version. When the recipient opens the link, their browser uses the key in the link to unscramble it — entirely on their device. We never had the key. We never saw the content.

What we can and can't see

EasyToPaste can see EasyToPaste can never see
That a secret exists, its type and size The contents of any secret
When it was created, opened, or expired The decryption key or passphrase
Who created it (if signed in) The file name's contents or the text
Org metadata for audit (Team tier) Anything an admin could decrypt — they can't

The data flow

Zero-knowledge data flow diagram
For the technically curious

Content is encrypted with AES-256-GCM in the browser via the Web Crypto API. The 256-bit key is generated with crypto.getRandomValues and encoded as base64url in the URL fragment (#k=…). The fragment is never sent in HTTP requests — it is browser-only. The server receives and stores only ciphertext. Mode B (Code + Passphrase) derives the key via Argon2id (WASM, 64 MiB memory, 3 iterations) — the passphrase never leaves the browser.