Changelog
What has shipped in SecretPNG, newest first. This project follows semantic versioning.
v0.1.0
betaTools
- Encryption & vaults: encrypt a file, decrypt a file, create an encrypted vault, and open an encrypted vault — the SPV1 .svault format (AES-256-GCM, PBKDF2-HMAC-SHA-256 at 600,000 iterations, STREAM chunked authenticated encryption, optional one-time recovery key).
- Password-protect a ZIP as an AES-256 (WinZip AE-2) archive that common tools like 7-Zip and WinRAR can open.
- Metadata removal: remove photo metadata (EXIF/XMP/IPTC) and remove document metadata (PDF and Office properties), each with a privacy report.
- Redact a document (permanent, flattened redaction with post-export validation) and a sensitive-file scanner for emails, card numbers, keys, and secrets.
- Generators: password generator, passphrase generator (EFF Large Wordlist), secure QR code generator, and recovery-code sheet.
- File integrity: streaming file-hash generator (SHA-256 default; MD5/SHA-1 legacy-only) and a file-hash verifier.
- Local private notes: an encrypted, browser-only notebook stored in IndexedDB with auto-lock and encrypted export/import.
Sharing
- One-time secret links: content is encrypted in the browser with the key placed in the URL fragment, so the server stores ciphertext only, with atomic burn-on-read, expiry options, and view limits.
Offline
- Offline PWA: the core local tools are installable and work without a network connection.
Security
- Strict Content Security Policy with per-request nonces on the /app secure workspace; consent-gated analytics and ads confined to public pages; network-isolation tests enforcing zero third-party requests on secure routes.
Docs
- Security documentation set: threat model, container format specification, architecture decision records, cryptography reference, network-transparency policy, and responsible-disclosure policy.
- Published guides on encryption, metadata, redaction, checksums, passphrases, and the product's own limitations.