Generate OTP Key
Create a cryptographically secure one-time pad key for message encryption.
⚠️ For manual key generation commands, see the FAQ section
Click "Generate" to create a secure OTP key
Key Generated
A new OTP key has been generated successfully.
Warning: Share this key securely with your recipient. Both parties must have the same key for encryption/decryption.
Add Encrypted Message
Encrypt and store a message using your OTP key.
Select key file
0/256 bytes (0%)
Messages automatically expire after this time for security
Message Encrypted Successfully!
Serial Number:
Your message has been encrypted and stored securely.
Share securely: Send the serial number or QR code to your recipient. The message will be permanently deleted after retrieval.
Retrieve Message
Decrypt a message using the serial number and OTP key.
Select key file
Message Decrypted
Your message has been decrypted successfully. It has been permanently deleted from the server for security.
Dynamic Chat
Secure real-time messaging with OTP encryption for each message.
System Statistics Dashboard
Real-time metrics and analytics for your SecureDrop instance.
4
MESSAGES STORED
0
ACTIVE CHATS
4
TOTAL PROCESSED
0
EXPIRED CLEANED
0.1 kB
STORAGE USAGE
avg 0.1 kB per message
Message Timeline
Oldest: 5/23/2025, 6:48:00 PM
Newest: 5/23/2025, 10:07:20 PM
Statistics update automatically every 30 seconds • Shortcut: Ctrl+S
FAQ
Learn how to use SecureDrop and generate keys manually on any system.
Is SecureDrop really secure?
Yes, when used correctly. OTP provides perfect secrecy - it's mathematically proven that no amount of computational power can break properly implemented one-time pad encryption. The NSA uses similar systems for their most sensitive communications.
Can messages be recovered?
No. Messages are permanently deleted after retrieval. There are no backups, logs, or recovery mechanisms. This is by design for maximum security. If you lose your key or serial number, the message is gone forever.
Message size limits
Maximum message size is 256 bytes (about 256 characters). For longer messages, split them into multiple parts or use compression. Remember: your OTP key must be at least as long as your message.
🛡️ Manual Key Generation
For maximum security, you can generate OTP keys manually using command line tools on any operating system.
🍎 macOS
# Generate single key (256 bytes)
openssl rand -hex 256
# Generate 10 keys and save to ZIP
mkdir keys && cd keys
for i in {1..10}; do openssl rand -hex 256 > "key_$i.txt"; done
zip -r keys.zip *.txt && rm *.txt
🪟 Windows (PowerShell)
# Generate single key (256 bytes)
$rng = New-Object System.Security.Cryptography.RNGCryptoServiceProvider
$bytes = New-Object byte[] 256
$rng.GetBytes($bytes)
$key = [System.BitConverter]::ToString($bytes).Replace("-","").ToLower()
Write-Output $key
🐧 Linux
# Generate single key (256 bytes)
openssl rand -hex 256
# Alternative using /dev/urandom
xxd -l 256 -p /dev/urandom | tr -d '\n'
What is SecureDrop for?
• Activism: Source protection, sensitive collaboration
• Emergency: Crisis communications
• Privacy: Anonymous whistleblowing
• Journalism: Secure source communications
• Personal: Maximum privacy note-taking
How does One-Time Pad work?
OTP provides perfect secrecy - mathematically unbreakable when used correctly. Each message uses a unique random key as long as the message. The key is XORed with the message, creating encrypted output that reveals nothing about the original without the exact key.
Key distribution guidelines
• In-person: Physical key exchange (most secure)
• Signal/Wire: Disappearing messages with forward secrecy
• Physical media: USB drives, QR codes on paper
• Separate channel: Never send key and message together
• Verify integrity: Confirm key received correctly
Covert serial number sharing
• Social media: Hidden in image metadata or steganography
• Dead drops: Physical locations (park benches, library books)
• Public forums: Embedded in seemingly normal posts
• QR codes: Printed and placed in agreed locations
• Time-based: Pre-agreed posting schedules
Security warnings
⚠️ Never reuse keys: Each OTP key must be used exactly once
⚠️ Key length matters: Keys must be at least as long as the message
⚠️ Secure key exchange: Use separate channels for keys and serial numbers
⚠️ Perfect deletion: Messages are permanently deleted after retrieval
⚠️ No recovery: Lost keys or serial numbers cannot be recovered
Best practices
• Test first: Verify the process with non-sensitive messages
• Backup keys: Store key copies in multiple secure locations
• Time limits: Set appropriate expiration times for messages
• Verify integrity: Confirm successful decryption with recipients
• Operational security: Use different networks/devices when possible
Technical details
Perfect secrecy requires: (1) Keys must be truly random, (2) Keys must be at least as long as the message, (3) Keys must never be reused, (4) Keys must be kept completely secret. When these conditions are met, OTP encryption is mathematically unbreakable even with unlimited computational power.
System limitations
• File uploads: No images or files can be uploaded - text messages only
• Content policy: No illegal content, threats, or harassment allowed
• Maximum retention: Messages automatically expire after 7 days if not retrieved
• Size limits: 256 bytes maximum per message (about 256 characters)
• One-time use: Messages are permanently deleted after single retrieval
What gets sent over the network?
Sent to server:
• Encrypted message blob (unreadable without your key)
• Serial number (for retrieval, no personal info)
• Expiration time (when to auto-delete)
Never sent:
• Your OTP keys (encryption/decryption happens locally)
• Unencrypted message content
• Personal information or metadata
How to verify security yourself
• Browser DevTools: Open Network tab, watch what data is sent
• Wireshark/tcpdump: Capture network traffic to verify encryption
• Source code: All encryption happens in client-side JavaScript
• Offline test: Disconnect internet after loading, encryption still works
• Server logs: Check that only encrypted blobs are stored, no keys