Purpose
Secure Sharing is a tool for creating and sharing secret texts via one-time links. The text is encrypted, the link is impossible to guess, and the information is automatically removed after viewing.
How it works
- You enter the text you want to share.
- The text is encrypted with AES-256-CBC and stored in the database.
- A link with a unique ID and signature (HMAC) is created.
- You share the link with the recipient.
- When someone opens the link:
- The server validates the signature.
- If valid: decrypts and displays the text.
- The content is deleted from the database immediately.
Short links for easy sharing
A short link is automatically created when you share a secret text. The short link is easier to copy, share and use – and works just like the original one-time link.
Short links are generated via the Short Link tool. You can read more about how short links work and create your own at mackan.eu/tools/kortlank/.
Example short link:
https://mackan.eu/m/abc12345
Security features
- CSRF protection to prevent external POST attacks.
- HMAC signature on the link prevents tampering.
- AES-256 encryption ensures text is never stored in plaintext.
- Self-destruction occurs after the first viewing.
- Configurable TTL – choose between 1 hour, 24 hours, or 7 days.
Abbreviations
| Abbreviation | Description |
|---|---|
| CSRF | Cross-Site Request Forgery – protection against unauthorized form submissions |
| HMAC | Hash-based Message Authentication Code – protects links from being tampered with |
| AES-256-CBC | Advanced Encryption Standard with 256-bit key and CBC mode – strong encryption |
| IP | Internet Protocol – used to identify where an event originates from |
| Cron | Automated server job that runs at regular intervals |
Example
Text: "My staging API key: xyz123"
Generated link: https://mackan.eu/tools/skyddad/visa.php?id=...
When someone clicks the link, the text is shown exactly once, then everything is deleted.
Status
| Component | What it means | Status |
|---|---|---|
| CSRF protection | Protects forms against external manipulation | ✔ |
| HMAC token | Unique signature in the link prevents guessing | ✔ |
| AES-256 | Encryption before storage | ✔ |
| Self-destruction | Text is deleted after viewing | ✔ |
| Configurable TTL | Choose validity: 1 hour, 24 hours, or 7 days | ✔ |
| Code structure | Separate directories for logic and templates | ✔ |
| Error display | PHP errors shown in dev mode | ✔ |
| Admin panel | Shows number of created and viewed texts | ✔ |
| Statistics chart | Bar chart via ECharts | ✔ |
Privacy
Secure Sharing protects your secret. No logging, no tracking, no surveillance. We store no metadata or plaintext. Events in the system are anonymous and are only shown as statistics or totals.