University of York - Secret Sharing

We have compiled a list of Frequently Asked Questions below.

What is this system all about?

You can use this system to share text securely with other users. It was built due to a growing need to send secure text to colleagues, and external users.

How secure is the system?

All secrets are encrypted using AES-256-GCM. Authorised usernames and passphrases are also hashed.

How long is data kept?

Any secrets created are destroyed immediately once read. If a secret is unclaimed, it is automatically deleted once its expiry date has passed. Secrets can be kept unclaimed for a maximum of 7 days before they are automatically destroyed.

How do I send a secret to a University user?

From the homepage, select University User. You will be required to input the users University username which will require the recipient to authenticate with Shibboleth before viewing the secret.

How do I send a secret to a third party?

From the homepage, select External. You will be required to input a passphrase which will require the recipient to enter this passphrase before viewing. We strongly encourage the passphrase is provided separately to the link, such as in a phone call.

How do I revoke a secret?

When you create a secret, a revocation link is presented. Copy this link securely, as you will need to use it to revoke an already-sent secret.