Open Tech Forever

Tech Blog


Keeping your secrets safe – How does privnote encrypt your chats?

Privnote offers a clever solution to this problem – it allows you to encrypt text messages that self-destruct after being read once. It prevents any permanent record of your private chats. Privnote is a free online service that lets you create encrypted textual notes that vanish after being read. You share sensitive information confidentially without leaving any forensic trace. To use it, go to private and type or paste your message in the text box provided. Add a password if you want, and hit “Create Note”. It generates a unique one-time URL. Share this URL with your intended recipient. When they open the URL, they’ll see your message. It gets permanently deleted from Privnote’s server after the first viewing. The URL also stops working. This leaves no evidence of your communication.

  1. Message encryption

When you hit “Create Note”, Privnote encrypts your message locally in your browser before sending it to their server. This uses asymmetric encryption via JavaScript code provided by the Stanford Javascript Crypto Library. Specifically, your message gets encrypted with a unique one-time 2048-bit RSA public key generated on the fly.

  1. Link generation

On their server, Privnote stores this encrypted cipher text and generates a random one-time URL to access it. This URL is linked to your encrypted message on their server. When you share this URL with your contact, it allows them to retrieve and decrypt your message by loading the page. No message decryption happens on Privnote’s server.

  1. Message decryption

When your contact opens the Privnote URL, their browser receives the encrypted cipher secure text stored on Privnote’s server. To decrypt it, their browser generates a unique RSA private key locally. This private key corresponds to the public key originally used to encrypt your message. It decrypts the cipher text to reveal your original plain text. The Private key generation and decryption all happen locally in your contact’s browser. Privnote’s server never sees your message decrypted.

  1. Message deletion

Once your contact’s browser has decrypted your message, Privnote’s server automatically deletes the encrypted cipher text stored against the URL. This ensures your message disappears forever after being read once. Even refreshing the page will display a “Note not found” error.

Privnote relies on asymmetric encryption powered by public key cryptography to protect your messages in transit and at rest. The local key generation on users’ browsers maintains end-to-end encryption without exposing your plain texts. While Privnote does provide strong encryption, it is not foolproof. Avoid sending highly confidential data like passwords or personal details through it. Use your discretion based on the sensitivity of your message.

Closing thoughts on privnote’s encryption

Privnote employs some clever cryptographic techniques to allow self-destructing notes. The multi-layered encryption process maintains message privacy while in transit and storage on Privnote’s servers. Just keep in mind the limitations around verifiability and closed source code. Used wisely, Privnote’s encryption scheme enables you to have private conversations that evaporate without a trace. Just like your real-life whisper networks, Privnote lets you securely share secrets between friends. Privnote offers a handy privacy tool for the digital age while keeping your secrets safe.