StatiCrypt uses AES-256 with WebCrypto to encrypt your html string with your long password, in your browser (client side).
You can encrypt the entire page or just specific sections by wrapping them with
<!--staticrypt-start--> and <!--staticrypt-end--> markers.
Only the content between these markers will be encrypted.
Download your encrypted string in a HTML page with a password prompt you can upload anywhere (see example).
The tool is also available as a CLI on NPM and is open source on GitHub.
Disclaimer if you are an at-risk activist, or have extra sensitive banking data, you should probably use something else!
StatiCrypt generates a static, password protected page that can be decrypted in-browser: just send or upload the generated page to a place serving static content (github pages, for example) and you're done: the javascript will prompt users for password, decrypt the page and load your HTML.
The page is encrypted with AES-256 in CBC mode (see why this mode is appropriate for StatiCrypt in #19). The password is hashed with PBKDF2 (599k iterations with SHA-256, plus 1k with SHA-1 for legacy reasons (see #159), for the added recommended total of 600k) and used to encrypt the page.
It basically encrypts your page and puts everything with a user-friendly way to use a
password in the new file. AES-256 is state of the art but
brute-force/dictionary attacks would be easy to do at a really fast pace: use a long,
unusual password!
=> To be safe, we recommend 16+ alphanum characters, and using a password manager like the
open-source Bitwarden.
Feel free to contribute or report any thought to the GitHub project.