You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

147 lines
5.6 KiB

5 years ago
6 years ago
6 years ago
6 years ago
6 years ago
6 years ago
6 years ago
  1. [![XWiki labs logo](https://raw.githubusercontent.com/xwiki-labs/xwiki-labs-logo/master/projects/xwikilabs/xlabs-project.png "XWiki labs")](https://labs.xwiki.com/xwiki/bin/view/Main/WebHome)
  2. <p align="center">
  3. <img src="https://github.com/cjdelisle/cryptpad/raw/master/cryptofist.png" width="60%">
  4. </p>
  5. Unity is Strength - Collaboration is Key
  6. ![and_so_it_begins.png](https://github.com/cjdelisle/cryptpad/raw/master/and_so_it_begins.png "We are the 99%")
  7. CryptPad is the **zero knowledge** realtime collaborative editor.
  8. Encryption carried out in your web browser protects the data from the server, the cloud
  9. and the NSA. This project uses the [CKEditor] Visual Editor and the [ChainPad] realtime
  10. engine. The secret key is stored in the URL [fragment identifier] which is never sent to
  11. the server but is available to javascript so by sharing the URL, you give authorization
  12. to others who want to participate.
  13. # Installation
  14. Cryptpad depends on the Nodejs runtime.
  15. We recommend installing it via [NVM](https://github.com/creationix/nvm "Node Version Manager") to ensure that you are running an up to date version.
  16. Once you have a recent runtime:
  17. ```
  18. git clone <this repo>
  19. cd cryptpad
  20. npm install
  21. npm install -g bower ## if necessary
  22. bower install
  23. ## copy config.js.dist to config.js
  24. cp config.js.dist config.js
  25. ## modify configuration to use your own mongodb instance
  26. ## for example aon the default mongodb port `mongodb://localhost:27017/demo_database`
  27. $EDITOR config.js
  28. node ./server.js
  29. ```
  30. ## Maintenance
  31. To get access to the most recent codebase:
  32. ```
  33. cd /your/cryptpad/instance/location;
  34. git pull
  35. ```
  36. To update dependencies:
  37. ```
  38. # clientside dependencies
  39. bower update;
  40. # serverside dependencies
  41. npm update;
  42. ```
  43. To reset your instance of Cryptpad and remove all the data that is being stored:
  44. If you are using the leveldb adaptor, this is as simple as deleting the folder which contains your leveldb datastore:
  45. ```
  46. # change into your cryptpade directory
  47. cd /your/cryptpad/instance/location;
  48. # delete the datastore
  49. rm -rf ./cryptpad.db
  50. ```
  51. If you are using the mongodb adaptor, [drop the relevant collection](https://docs.mongodb.org/manual/reference/method/db.collection.drop/#db.collection.drop).
  52. ## Testing
  53. To test CryptPad, go to http://your.server:3000/assert/
  54. You can use WebDriver to run this test automatically by running TestSelenium.js but you will need chromedriver installed.
  55. If you use Mac, you can `brew install chromedriver`.
  56. # Setup using Docker
  57. See [Cryptpad-Docker](cryptpad-docker.md)
  58. ## Security
  59. CryptPad is *private*, not *anonymous*. Privacy protects your data, anonymity protects you.
  60. As such, it is possible for a collaborator on the pad to include some silly/ugly/nasty things
  61. in a CryptPad such as an image which reveals your IP address when your browser automatically
  62. loads it or a script which plays Rick Astleys's greatest hits. It is possible for anyone
  63. who does not have the key to be able to change anything in the pad or add anything, even the
  64. server, however the clients will notice this because the content hashes in ChainPad will fail to
  65. validate.
  66. The server does have a certain power, it can send you evil javascript which does the wrong
  67. thing (leaks the key or the data back to the server or to someone else). This is however an
  68. [active attack] which makes it detectable. The NSA really hates doing these because they might
  69. get caught and laughed at and humiliated in front of the whole world (again). If you're making
  70. the NSA mad enough for them to use an active attack against you, Great Success Highfive, now take
  71. the battery out of your computer before it spawns Agent Smith.
  72. Still there are other low-lives in the world so using CryptPad over HTTPS is probably a good idea.
  73. ## Translations
  74. We'd like to make it easy for more people to use encryption in their routine activities.
  75. As such, we've tried to make language-specific parts of Cryptpad translatable. If you're
  76. able to translate Cryptpad's interface, and would like to help, please contact us!
  77. You can also see [our translation guide](/customize.dist/translations/README.md).
  78. ## Contacting Us
  79. You can reach members of the Cryptpad development team on [twitter](https://twitter.com/cryptpad),
  80. via our [github issue tracker](https://github.com/xwiki-labs/cryptpad/issues/), on the
  81. [freenode](http://webchat.freenode.net/?channels=%23cryptpad&uio=MT1mYWxzZSY5PXRydWUmMTE9Mjg3JjE1PXRydWUe7)
  82. irc network, or by [email](mailto:research@xwiki.com).
  83. ## Contributing
  84. We love Open Source and we love contribution. It is our intent to keep this project available
  85. under the AGPL license forever but in order to finance more development on this and other FOSS
  86. projects, we also wish to sell other licenses to this software. Before making a pull request,
  87. please read and
  88. [sign the Commons Management Agreement](https://www.clahub.com/agreements/cjdelisle/cryptpad).
  89. If you have any questions or comments, or if you're interested in contributing to Cryptpad, come say hi on IRC, `#cryptpad` on Freenode.
  90. ### License
  91. This software is and will always be available under the GNU Affero General Public License as
  92. published by the Free Software Foundation, either version 3 of the License, or (at your option)
  93. any later version. If you wish to use this technology in a proprietary product, please contact
  94. sales@xwiki.com
  95. * Icons thanks to http://www.famfamfam.com/ licensed [Creative Commons Attribution 2.5 License]
  96. [ChainPad]: https://github.com/xwiki-contrib/chainpad
  97. [CKEditor]: http://ckeditor.com/
  98. [fragment identifier]: https://en.wikipedia.org/wiki/Fragment_identifier
  99. [active attack]: https://en.wikipedia.org/wiki/Attack_(computing)#Types_of_attacks
  100. [Creative Commons Attribution 2.5 License]: http://creativecommons.org/licenses/by/2.5/