How Pastelion Works

Security shouldn't be a black box. Here is a breakdown of how we protect your information using modern cryptography.

1. Content Encryption

When you submit a paste, we generate a unique 256-bit symmetric key. Your content is encrypted using AES-256 in GCM mode.

2. Envelope Encryption

To keep the encryption key safe, we don't store it in plain text. Instead, we encrypt it with a Master Key stored in the server's secure environment variables before saving it to the database.

3. Access Control

If you set a password, we hash it using scrypt. Only users who provide the correct password can trigger the server-side decryption flow.

4. Zero Persistence

With "Burn after reading", the record is permanently deleted from our database the moment it's successfully decrypted and viewed once.

Still have questions? Check out our FAQ on the main page.