The Cryptgeon project

Cryptgeon is an open-source service for secure text or file sharing created by Nicco - cupcakearmy, a developer we already mentioned in this Digital Notepad for having developed autorestic.

As the developer pointed out, Cryptgeon is inspired by PrivNote.

The project comprises a server component, a web page, and a CLI client.

Kudos to the developer of Cryptgeon for a valuable project, which we hope will continue to be maintained and improved.

Cryptgeon impressed us with the developer’s attention to its security features, which helps to qualify the project as one that respects privacy.

In fact, as stated in the project description, a 256-bit ID and a 256-bit key are generated for each text or note.

The ID is used to save and retrieve the note (or file).

Cryptgeon uses AES-256 in Galois/Counter Mode (GCM): the text (or file) is encrypted client-side with the key, and only the encrypted result is then sent to the server. The data is held in memory and never persisted to the server’s disk. The encryption key is never saved on the server, so the server cannot decrypt the notes’ content.
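The scheme described above, shown with the Web Crypto API as an added example; it is not Cryptgeon's own code, the use of Web Crypto is an assumption of this example, and serverStore, createNote and readNote are hypothetical names standing in for the server and the client. It shows that the server-side record holds only the ID, nonce and ciphertext, and that GCM rejects both a wrong key and a modified ciphertext.

```javascript
// Added illustration of the scheme described above; not Cryptgeon's source code.
// Browsers and Node 19+ expose Web Crypto globally; older Node loads it from the module.
const wc = globalThis.crypto ?? require('node:crypto').webcrypto;
const AES = { name: 'AES-GCM', length: 256 };
const toHex = (b) => Array.from(b, (x) => x.toString(16).padStart(2, '0')).join('');

// Hypothetical stand-in for the server: an in-memory map from note ID to ciphertext.
const serverStore = new Map();

// Client: generate a 256-bit ID and a 256-bit key, encrypt, upload ciphertext only.
async function createNote(text) {
  const id = toHex(wc.getRandomValues(new Uint8Array(32)));
  const key = await wc.subtle.generateKey(AES, true, ['encrypt', 'decrypt']);
  const iv = wc.getRandomValues(new Uint8Array(12)); // fresh 96-bit nonce per note
  const data = new TextEncoder().encode(text);
  const ct = new Uint8Array(await wc.subtle.encrypt({ name: 'AES-GCM', iv }, key, data));
  serverStore.set(id, { iv, ct }); // the key is never part of the upload
  return { id, key, overhead: ct.length - data.length };
}

// Client: fetch the record by ID, then decrypt and authenticate it with the key.
async function readNote(id, key) {
  const { iv, ct } = serverStore.get(id);
  const plain = await wc.subtle.decrypt({ name: 'AES-GCM', iv }, key, ct);
  return new TextDecoder().decode(plain);
}

// Round trip, then show that a wrong key and a modified ciphertext are both rejected.
async function demo() {
  const { id, key, overhead } = await createNote('constructed sample note');
  const roundTrip = await readNote(id, key);
  const otherKey = await wc.subtle.generateKey(AES, false, ['decrypt']);
  const rejected = (p) => p.then(() => false, () => true);
  const wrongKeyRejected = await rejected(readNote(id, otherKey));
  serverStore.get(id).ct[0] ^= 1; // simulate a change made on the server
  const tamperRejected = await rejected(readNote(id, key));
  return { idBits: id.length * 4, overhead, roundTrip, wrongKeyRejected, tamperRejected };
}

demo().then((result) => console.log(result));
```

The 16-byte overhead reported by the example is the GCM authentication tag, which is what lets the client detect a changed ciphertext.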

The features of Cryptgeon, as stated in the aforementioned repository, are as follows:

  • sending text or files;
  • the server cannot decrypt content, thanks to client-side encryption;
  • displaying or setting time constraints;
  • working in memory without persistence;
  • auto, light, and dark modes.

Cryptgeon Web

You can use Cryptgeon’s public service or install an instance on your server.

In the next section, we will explain how to install a self-hosted instance of Cryptgeon.

Cryptgeon self-hosted: installation

Cryptgeon can be installed on the server and used with Docker.

Assuming you are using Ubuntu Server, the steps are as follows:

1. Create the folder in which to place the Cryptgeon files

After logging into your server via ssh, create a folder where you can save your configuration file. One solution might be the following:

mkdir /opt/cryptgeon

2. Create the Cryptgeon Docker Compose file

Move to the previously created folder with the command

cd /opt/cryptgeon

Then create the docker-compose.yml file with one of the following commands:

nano docker-compose.yml

or

vim docker-compose.yml

or

touch docker-compose.yml

(In the latter case, you will create the file, which will then have to be edited with nano, vim, or another editor.)

Put the following content in the file docker-compose.yml:

services:
  redis:
    image: redis:7-alpine
    restart: always

  app:
    image: cupcakearmy/cryptgeon:latest
    depends_on:
      - redis
    restart: always

    ports:
      - 8899:8000

    environment:
      # Size limit for a single note.
      SIZE_LIMIT: 200 MiB
      THEME_IMAGE: "https://yourdomain.com/yourimage.png"
      # Quoted so that YAML passes the string "true" rather than a boolean.
      ALLOW_FILES: "true"
      THEME_PAGE_TITLE: "Cryptgeon"
      THEME_FAVICON: "https://yourdomain.com/favicon.ico"

The version shown above is partially different from the one in the cryptgeon repository.

In particular, the first line, version: '3.8', is omitted because Docker Compose V2 emits a warning about it (keep that line if you use Compose V1).

Regarding ports, you must choose the external port (in our case, 8899) and open it.

You can set further variables in the environment section; they are documented in the Cryptgeon repository.

In our case, we used:

  • THEME_IMAGE to replace the default image with your logo;
  • THEME_PAGE_TITLE to give a custom title to the Cryptgeon page;
  • THEME_FAVICON to choose your favicon.

Once you have saved the docker-compose.yml file, you can start the app with the command:

docker compose up -d

or

docker-compose up -d

The first command is for Compose V2, and the second is for V1.

At this point, at the address http://serverIP:8899, you should reach the Cryptgeon page.

However, it is possible to put a web server such as NGINX in front of Cryptgeon, and we describe the configuration in the following steps.

3. Setting the domain name

By accessing your provider’s control panel, set the DNS record for the domain name you intend to use for the Cryptgeon service (e.g., cryptgeon.yourdomain.com).

4. Create the configuration file for NGINX

Still on the server, you must create the NGINX configuration file in /etc/nginx/sites-available (we assume that NGINX is already installed on the server; otherwise, you must install it first).

Then, like above, create the configuration file with the command nano cryptgeon.conf or vim cryptgeon.conf.

The Cryptgeon repository contains some examples of NGINX configuration files. However, line 10 of the version with TLS contains an error, and one must delete it.

We have opted for a straightforward configuration, leaving the generation of the SSL certificates to the next step.

server {
    listen 80;
    listen [::]:80;
    server_name cryptgeon.yourdomain.com;

    location / {
        proxy_pass http://127.0.0.1:8899/;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

You must save the file and then create the symlink with the following command:

ln -s /etc/nginx/sites-available/cryptgeon.conf /etc/nginx/sites-enabled/cryptgeon.conf

Testing NGINX with the command nginx -t may be helpful.

Then proceed to issue the SSL certificates with the command:

certbot --nginx

Once the certificates have been generated, checking the NGINX configuration file may be helpful.

Run the command

systemctl reload nginx

At this point, the Cryptgeon service should be reachable at https://cryptgeon.yourdomain.com.

That’s all!
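Once NGINX terminates TLS, the 8899:8000 mapping from step 2 still publishes the app over plain HTTP on every interface, whereas the proxy only needs it on 127.0.0.1. The following check is an added example, not part of the original guide or the Cryptgeon project; the function names and sample entries are constructed, and it flags compose port entries that can be reached without passing through the proxy.

```javascript
// Added example (not from the Cryptgeon repository): classify Docker Compose
// short-syntax port entries, [HOST_IP:]HOST_PORT:CONTAINER_PORT[/PROTOCOL],
// by the interfaces on which the host port is published. Port ranges are out of scope.
const PUBLISH = /^(?:(\[[0-9a-fA-F:]+\]|\d{1,3}(?:\.\d{1,3}){3}):)?(\d+):(\d+)(?:\/(tcp|udp))?$/;

function classifyPort(entry) {
  const m = PUBLISH.exec(String(entry).trim());
  if (!m) return { entry, exposure: 'unparsed' };
  const [, hostIp, hostPort, containerPort] = m;
  let exposure;
  if (hostIp === undefined || hostIp === '0.0.0.0' || hostIp === '[::]') {
    exposure = 'all-interfaces'; // Docker's default when no host IP is given
  } else if (hostIp.startsWith('127.') || hostIp === '[::1]') {
    exposure = 'loopback-only';
  } else {
    exposure = 'single-interface';
  }
  return { entry, hostPort: Number(hostPort), containerPort: Number(containerPort), exposure };
}

// Flags every entry that a remote client could reach without going through the proxy.
function auditPorts(ports, proxyUpstreamPort) {
  return ports.map(classifyPort).map((p) => ({
    ...p,
    bypassesProxy: p.hostPort === proxyUpstreamPort && p.exposure !== 'loopback-only',
  }));
}

// Constructed inputs: the mapping from the compose file above and loopback-bound variants.
const report = auditPorts(['8899:8000', '127.0.0.1:8899:8000', '[::1]:8899:8000/tcp'], 8899);
console.log(report);
```

Changing the compose entry to 127.0.0.1:8899:8000 keeps the NGINX proxy_pass target working while removing direct access to the plain-HTTP port.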

Cryptgeon CLI

You can also use Cryptgeon in CLI mode following the guide in the repository.

Enjoy Cryptgeon!


