Yopass: Share Sensitive Info Securely with Encryption and Auto-Destruction

Sharing passwords, temporary codes, or sensitive files via email or instant messaging presents significant security risks. Yopass, a free and open-source web application, offers a secure alternative. It enables end-to-end encrypted sharing of text and files, with automatic self-destruction after a specified duration or single access. This guide explores Yopass’s functionality, usage, and self-hosting options, emphasizing its commitment to user privacy.

Understanding Yopass

Yopass is a minimalist web application designed for secure, temporary data sharing. It encrypts data client-side, meaning the server never handles unencrypted information. This ensures confidentiality, even if the Yopass server were compromised.

Key Features

• End-to-End Encryption: Data is encrypted in your browser before transmission.
• Self-Destruction: Option for automatic deletion after a set time or single access.
• No Accounts Required: No user registration or login is necessary.
• Open-Source and Free: Source code available on GitHub under the Apache 2.0 license.
• Self-Hosting Option: Easily deploy your own instance using Docker.

How Yopass Works

Steps:

1. Access Yopass: Visit the public instance (https://yopass.se/) or your self-hosted instance.
2. Enter Data: Enter your text message or upload a file.
3. Set Parameters: Choose the expiry time (1 hour, 1 day, 1 week) and enable “One-time download” for self-destruction after access.
4. Encrypt and Generate Link: Click “Encrypt message.” Yopass generates a short link (without the decryption key) and a full link (including the key in the URL).
5. Share the Link: Share the appropriate link (short or full) with the recipient. For enhanced security, consider sending the link and key via separate channels.

The recipient uses the generated link to access the encrypted data. The browser decrypts the data locally, and after access (if “One-time download” is enabled), the data is automatically deleted from the server.

Self-Hosting Yopass

For increased privacy control, self-host Yopass using Docker. Instructions and the Docker image are available on the GitHub repository (https://github.com/jhaals/yopass).

Conclusion:

Yopass offers a straightforward yet highly secure method for sharing sensitive information. Its end-to-end encryption and self-destruct functionality address the privacy concerns associated with traditional methods. The availability of a public instance and the option for self-hosting provide flexibility and control over data handling. Yopass is a valuable tool for anyone needing to securely share confidential information temporarily.