Project Overview
OOShare is a privacy-first secret sharing platform that allows users to send passwords, API keys, and sensitive messages through one-time links. The secret is encrypted in the browser using AES-256-GCM before being stored, and the decryption key lives only in the URL fragment — never transmitted to the server. Once viewed, the secret is atomically deleted from Redis.
The Challenge
Teams routinely share credentials over Slack, email, or chat — channels that log messages indefinitely and expose secrets to breaches. Existing solutions were either too complex for non-technical users or required trusting a third-party server with plaintext data.
Our Solution
We built a zero-knowledge architecture where the server only stores encrypted blobs. The master key travels exclusively in the URL fragment (after the #), which browsers never send to the server. A Flask + Redis backend handles storage with atomic GETDEL operations, while a React frontend performs all cryptography client-side using the Web Crypto API. Secrets auto-expire between 1 and 72 hours via Redis TTL.
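The client-side flow described above, as an added example that is not OOShare's own code. The function names, the "iv.ciphertext" base64url blob layout, the host ooshare.example and the id abc123 are assumptions made for illustration; only the Web Crypto calls are real APIs.

```javascript
// Added example, not OOShare's code: AES-256-GCM in the client, key kept in the URL fragment.
// Function names, blob layout ("iv.ciphertext") and the link shape are assumptions.
const b64u = (buf) => btoa(String.fromCharCode(...new Uint8Array(buf)))
  .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
const unb64u = (s) => Uint8Array.from(
  atob(s.replace(/-/g, '+').replace(/_/g, '/')), (c) => c.charCodeAt(0));

async function getCrypto() {
  // Browsers expose globalThis.crypto; the fallback lets the example run in older Node.
  return globalThis.crypto ?? (await import('node:crypto')).webcrypto;
}

// Sender side: blob is what gets uploaded, fragment is what never leaves the client.
async function sealSecret(plaintext) {
  const wc = await getCrypto();
  const key = await wc.subtle.generateKey({ name: 'AES-GCM', length: 256 }, true, ['encrypt']);
  const iv = wc.getRandomValues(new Uint8Array(12)); // 96-bit nonce, fresh per secret
  const ct = await wc.subtle.encrypt({ name: 'AES-GCM', iv }, key, new TextEncoder().encode(plaintext));
  const rawKey = await wc.subtle.exportKey('raw', key);
  return { blob: b64u(iv) + '.' + b64u(ct), fragment: b64u(rawKey) };
}

// Recipient side: blob comes from the server, fragment from location.hash.
async function openSecret(blob, fragment) {
  const wc = await getCrypto();
  const [iv, ct] = blob.split('.').map(unb64u);
  const key = await wc.subtle.importKey('raw', unb64u(fragment), 'AES-GCM', false, ['decrypt']);
  // decrypt() rejects when the key is wrong or the blob was modified (GCM tag check).
  const pt = await wc.subtle.decrypt({ name: 'AES-GCM', iv }, key, ct);
  return new TextDecoder().decode(pt);
}

// What an HTTP request for the link carries: path and query only, never the fragment.
function requestTarget(link) {
  const u = new URL(link);
  return u.pathname + u.search;
}

async function demo() {
  const { blob, fragment } = await sealSecret('db-password: constructed-sample');
  const link = `https://ooshare.example/s/abc123#${fragment}`; // constructed host and id
  const recovered = await openSecret(blob, new URL(link).hash.slice(1));
  // Change the first ciphertext character to show that a modified blob is rejected.
  const [ivPart, ctPart] = blob.split('.');
  const bad = ivPart + '.' + (ctPart[0] === 'A' ? 'B' : 'A') + ctPart.slice(1);
  const tamperRejected = await openSecret(bad, fragment).then(() => false, () => true);
  return { recovered, target: requestTarget(link), fragment, blob, tamperRejected };
}
```
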