End-to-End Encrypted Message Sharing on Cloudflare Workers
Zero-Knowledge β’ Password Protected β’ Self-Destructing
π Live Demo β¨ Self-Hosted Ver
| Feature | Description |
|---|---|
| π AES-256-GCM Encryption | Military-grade encryption in your browser |
| π‘οΈ Zero-Knowledge Architecture | Server cannot read your data. Ever. |
| π Optional Password Protection | Extra layer with PBKDF2 key derivation |
| π₯ Burn After Reading | Self-destruct after first view |
| β±οΈ Expiration Control | 1 hour to 30 days |
| π Auto RTL Support | Persian, Arabic, Hebrew auto-detection |
| π± Fully Responsive | Works on all devices |
| π« No Registration | No emails, no accounts, no tracking |
βββββββββββββββ AES-256-GCM βββββββββββββββ
β Browser β ββββββββββββββββββββ β Cloudflare β
β (Encrypt) β β KV β
β Key in URL β ββββββββββββββββββββ β (Storage) β
β Fragment β β β
βββββββββββββββ βββββββββββββββ
- Client-Side Encryption: Message encrypted in browser before sending
- Key in URL Fragment: Decryption key never reaches server (after
#) - Zero Storage: Server only sees ciphertext, never plaintext
- Optional Password: PBKDF2 with 100,000 iterations for extra security
This guide uses Cloudflare Dashboard (no CLI required) - the exact method used for sp.theazizi.ir
- Cloudflare account (free tier works)
- 5 minutes of your time
- Go to dash.cloudflare.com
- From left sidebar: Storage & Databases β KV
- Click "Create a namespace"
- Name:
PASTEBIN_KV - Click "Create"
β οΈ Important: Remember this exact name -PASTEBIN_KV
- Go to Workers & Pages β Create application
- Click "Create Worker"
- Name your worker (e.g.,
secure-pastebin) - Click "Deploy" (we'll replace the code next)
This step is critical - connects your KV to the worker:
- In your Worker dashboard, click "Settings" tab
- Go to Bindings section
- Click "Add"
- Select "KV Namespace"
- Configure:
- Variable name:
PASTEBIN_KV(must match exactly) - KV namespace: Select the one you created in Step 1
- Variable name:
- Click "Deploy"
- In your Worker, go to "Edit code" (or Quick Edit)
- Delete all existing code
- Copy the entire
worker.jsfrom this repo - Paste into the editor
- Click "Save and Deploy"
To use your own domain like sp.theazizi.ir:
- In Worker dashboard, go to "Triggers" tab
- Click "Add Custom Domain"
- Enter your subdomain (e.g.,
sp.yourdomain.com) - Add CNAME record in your DNS pointing to your worker
- Wait for SSL certificate (automatic)
If you prefer Wrangler CLI:
# Install Wrangler
npm install -g wrangler
# Login to Cloudflare
wrangler login
# Create KV namespace
wrangler kv:namespace create "PASTEBIN_KV"
# Update wrangler.toml with your KV ID
# Deploy
wrangler deploy- Algorithm: AES-256-GCM
- Key Derivation: PBKDF2 (100,000 iterations)
- IV: Random 12-byte per message
- Key Location: URL fragment (never sent to server)
- No server-side logs
- No analytics or tracking
- No registration required
- Messages auto-expire
- Burn-after-read option
secure-pastebin/
βββ worker.js # Main Cloudflare Worker code
βββ README.md # This file
βββ LICENSE # MIT License
#InternetForAll
Internet access is a fundamental human right.
Restricting internet access violates human rights and limits freedom of expression, access to information, and the ability to communicate securely. We believe in free, open, and secure internet for everyone β regardless of borders, politics, or censorship.
This tool is built to ensure private, secure communication remains accessible to all.
Contributions welcome! Areas to improve:
- File attachments (encrypted)
- QR code generation for sharing
- Custom themes
- Browser extension
MIT License - see LICENSE file
TheGreatAzizi
- GitHub: @TheGreatAzizi
- X/Twitter: @the_azzi
- Demo: sp.theazizi.ir
Built with β€οΈ for a free and open internet