Only display duration and max views are currently functional
OneMessage is a tool that allows you to send sensitive information without fear of it getting in the wrong hands.
When you finish composing a message, One Message will encrypt it (with a password either set by you or autogenerated) and send it to a server - requiring a link and password to access the message. The password can either be included in the link, or can be kept separate (so the more paranoid can go as far as delivering a password in person, or just sent separately). When the message is accessed with the correct password it will be deleted permanently, and so can only be viewed exactly once, hence the name, and preventing you from worrying about anybody stumbling across your sensitive information in the future.
When a message has been composed, using a password the message is encrypted client-side using AES-256. From the password a salt and initialization vector are derived and the encrypted message is sent to the server. In addition to the encrypted message, the ID and two other strings are sent to the server, the first string is some short random text, and the other is the random text, encrypted using the same password as the message.
When a user tries to get a message, the ID of the message is sent to the server. The server then responds with the encrypted text sample. The user's browser then uses the password to try to decrypt the message, and sends it back to the server. If this matches the servers sample text (i.e. the password is correct) the server then fetches the encrypted message, deletes it from the database, and sends it to the user where it is then decrypted and displayed.
Unfortunately I am somewhat busy at the moment and as such, this project is 95% complete, there may be the odd bug or two.
If you haven't used this before, there are two different ways you can send the link, either with or without the passphrase. If the passphrase is included in the link, whoever clicks on it will immediately see the message, however, if it is not included they will be prompted to input it.
When the message is succesfully viewed (i.e. password correct) it will be immediately deleted from the server. It can only be viewed exactly once.