How Only Once Share Keeps Your Secrets Safe
Only Once Share uses end-to-end AES-256-GCM encryption with a zero-knowledge architecture. Your text, images, PDFs, and archives are encrypted in your browser before they ever leave your device β our server never sees your plaintext data.
End-to-End Encryption
When you create a secret, your browser generates a random cryptographic key using the Web Crypto API. Your text and any attached files (images, PDFs, or archives) are packed into a single encrypted payload using AES-256-GCM β the same encryption standard used by governments and financial institutions worldwide. The encryption happens entirely in your browser. The encrypted data (ciphertext) is the only thing sent to our server.
HKDF Key Derivation
Each secret gets its own unique encryption key derived using HKDF-SHA-256 (HMAC-based Key Derivation Function) with the secret's ID as context. This means even if someone obtained the master key material, each secret remains cryptographically independent. Compromising one secret cannot compromise another.
Authenticated Data Binding
The secret ID is bound as Additional Authenticated Data (AAD) during encryption. This cryptographically ties each encrypted payload to its specific secret ID. If anyone attempts to swap ciphertext between secrets or tamper with the secret ID, decryption will fail. This prevents a class of attacks where encrypted data could be substituted.
Zero-Knowledge Architecture
Our server stores only encrypted blobs. We cannot read, decrypt, or access your secrets in any way. The decryption key is placed after the # symbol in the URL (the "fragment"). Browser URL fragments are never sent to servers β not in HTTP requests, not in server logs, not anywhere. This is a fundamental property of how web browsers work, defined in RFC 3986.
What the Server Never Sees
Unlike some competing tools that perform encryption on the server (meaning the server briefly sees your plaintext data), Only Once Share encrypts entirely in the browser. The server never receives: your plaintext text, images, PDFs, or archives, the encryption key, or any information that could be used to decrypt your data. It cannot even distinguish whether a secret contains text, an image, a PDF, or any combination. Even if our server were compromised, your secrets would remain encrypted and unreadable.
One-Time Viewing & Auto-Expiration
When a recipient opens a secret link, the encrypted data is retrieved and atomically deleted from storage in the same Redis GETDEL operation. There is no window where a second read is possible. Additionally, all secrets automatically expire after the chosen TTL (1β72 hours) via Redis key expiration, even if never viewed. No data persists beyond the expiration window.
Open Source & Auditable
Only Once Share is fully open source under the MIT license. Every line of code β from the encryption logic to the server handling β is publicly auditable on GitHub. You don't have to trust our claims; you can verify them yourself. You can also self-host the entire platform using Docker for complete control over your data.
The Encryption Flow
- Key Generation β Your browser generates a random AES-256 key using the Web Crypto API
- Key Derivation β HKDF-SHA-256 derives a unique per-secret key using the secret ID as context
- Encryption β AES-256-GCM encrypts your text and files into a single payload with a random 96-bit IV and the secret ID as AAD
- Transmission β Only the encrypted ciphertext and secret ID are sent to the server
- Link Creation β The encryption key is placed in the URL fragment (#), which is never sent to the server
- Retrieval β When opened, the ciphertext is fetched and atomically deleted from Redis (GETDEL)
- Decryption β The recipient's browser decrypts the text and files using the key from the URL fragment
Why Client-Side Encryption Matters
Many secret sharing tools claim to be "encrypted" but perform encryption on the server. This means your plaintext secret travels over the network and is briefly visible to the server before encryption. Server-side encryption protects data at rest, but it requires you to trust the server operator.
With client-side encryption (like Only Once Share), your text, images, PDFs, and archives are encrypted before they leave your device. The server only ever handles encrypted data it cannot read. This is the gold standard for privacy and is the same principle behind end-to-end encrypted messaging apps like Signal.