CryptPad is a collaboration suite that is end-to-end-encrypted and open-source. It is built to enable collaboration, synchronizing changes to documents in real time. Because all data is encrypted, the service and its administrators have no way of seeing the content being edited and stored.
CryptPad is the **Zero Knowledge** realtime collaborative editor.
# Installation
Encryption carried out in your web browser protects the data from the server, the cloud
## For development
and the NSA. It relies on the [ChainPad] realtime engine.
<!--If you'd like to know more, please read [the Whitepaper]().-->
Our [developer guide](https://docs.cryptpad.fr/en/dev_guide/setup.html) provides instructions for setting up a local instance without HTTPS or our more advanced security features.
# Installation
## For production
Installing CryptPad is pretty straightforward. You can read all about it in the
Configuring CryptPad for production requires a little more work, but the process is described in our [admin installation guide](https://docs.cryptpad.fr/en/admin_guide/installation.html). From there you can find more information about customization and maintenance.
It also contains information on keeping your instance of CryptPad up to date.
## Current version
## Current version
@ -24,33 +22,40 @@ The most recent version and all past release notes can be found [here](https://g
See [Cryptpad-Docker](https://github.com/xwiki-labs/cryptpad-docker) repository for details on how to get up-and-running with Cryptpad in Docker. This repository is maintained by the community and not officially supported.
See [Cryptpad-Docker](https://github.com/xwiki-labs/cryptpad-docker) repository for details on how to get up-and-running with Cryptpad in Docker. This repository is maintained by the community and not officially supported.
# Security
# Security
CryptPad is *private*, not *anonymous*. Privacy protects your data, anonymity protects you.
CryptPad offers a variety of collaborative tools that encrypt your data in your browser
As such, it is possible for a collaborator on the pad to include some silly/ugly/nasty things
before it is sent to the server and your collaborators. In the event that the server is
in a CryptPad such as an image which reveals your IP address when your browser automatically
compromized the database holds encrypted data that is not of much value to attackers.
loads it or a script which plays Rick Astleys's greatest hits. It is possible for anyone
who does not have the key to be able to change anything in the pad or add anything, even the
The code which performs the encryption is still loaded from the host server like any
server, however the clients will notice this because the content hashes in CryptPad will fail to
other web page, so you still need to trust the administrator to keep their server secure
validate.
and to send you the right code. An expert can download code from the server and check
that it isn't doing anything malicious like leaking your encryption keys, which is why
The server does have a certain power, it can send you evil javascript which does the wrong
this is considered an [active attack].
thing (leaks the key or the data back to the server or to someone else). This is however an
[active attack] which makes it detectable. The NSA really hates doing these because they might
The platform is designed to minimize what data is exposed to its operators. User registration
get caught and laughed at and humiliated in front of the whole world (again). If you're making
and account access is based on a cryptographic key that is derived from your username
the NSA mad enough for them to use an active attack against you, Great Success Highfive, now take
and password so the server never needs to see either and you don't need to worry about
the battery out of your computer before it spawns Agent Smith.
whether they are being stored securely. It is impossible to verify whether a server's
operators are logging your IP or other activity, so if you consider this information
Still there are other low-lives in the world so using CryptPad over HTTPS is probably a good idea.
sensitive it is safest to assume it is being recorded and access your preferred instance
via [Tor browser].
A correctly configured instance has safeguards to prevent collaborators from doing some
nasty things like injecting scripts into collaborative documents or uploads. The project
is actively maintained and bugs that our safeguards don't catch tend to get fixed quickly.
For this reason it is best to only use instances that are running the most recent version,
which is currently on a three-week release cycle. It is difficult for a non-expert to
determine whether an instance is otherwise configured correctly, so we are actively
working on allowing administrators to opt in to a public directory of servers that
meet our strict criteria for safety.
# Translations
# Translations
We'd like to make it easy for more people to use encryption in their routine activities.
CryptPad can be translated with nothing more than a web browser via our
As such, we've tried to make language-specific parts of CryptPad translatable. If you're
able to translate CryptPad's interface, and would like to help, please contact us!
More information about this can be found in [our translation guide](/customize.dist/translations/README.md).
You can also see [our translation guide](/customize.dist/translations/README.md).
# Contacting Us
# Contacting Us
@ -61,13 +66,13 @@ via our [GitHub issue tracker](https://github.com/xwiki-labs/cryptpad/issues/),
# Team
# Team
CryptPad is actively developed by a team at [XWiki SAS](https://www.xwiki.com), a company that has been building Open-Source software since 2004 with contributors from around the world. Between 2015 and 2019 it was funded by a research grant from the French state through [BPI France](https://www.bpifrance.fr/). It is currently financed by [NLnet PET](https://nlnet.nl/PET/), subscribers of CryptPad.fr and donations to our [Open-Collective campaign](https://opencollective.com/cryptpad).
CryptPad is actively developed by a team at [XWiki SAS](https://www.xwiki.com), a company that has been building Open-Source software since 2004 with contributors from around the world. Between 2015 and 2019 it was funded by a research grant from the French state through [BPI France](https://www.bpifrance.fr/). In the years since we have been funded by [NLnet PET](https://nlnet.nl/PET/), [NGI TRUST](https://www.ngi.eu/ngi-projects/ngi-trust/), [NGI DAPSI](https://dapsi.ngi.eu/), subscribers of CryptPad.fr, and donations to our [Open-Collective campaign](https://opencollective.com/cryptpad).
# Contributing
# Contributing
We love Open Source and we love contribution. Learn more about [contributing](https://docs.cryptpad.fr/en/how_to_contribute.html).
We love Open Source and we love contribution. Learn more about [contributing](https://docs.cryptpad.fr/en/how_to_contribute.html).
If you have any questions or comments, or if you're interested in contributing to Cryptpad, come say hi on IRC, `#cryptpad` on Freenode.
If you have any questions or comments, or if you're interested in contributing to Cryptpad, come say hi in our [Matrix channel](https://app.element.io/#/room/#cryptpad:matrix.xwiki.com).
# License
# License
@ -78,5 +83,6 @@ published by the Free Software Foundation, either version 3 of the License, or (
any later version. If you wish to use this technology in a proprietary product, please contact
any later version. If you wish to use this technology in a proprietary product, please contact
" header. This information can make it easier for attackers to find and exploit known vulnerabilities. ",
];
if(family==='NGINX'){
msg.appendChild(h('span',text.concat([
"This can be addressed by setting ",
code("server_tokens off"),
" in your global NGINX config."
])));
returnvoidcb(serverToken);
}
// handle other
msg.appendChild(h('span',text.concat([
"In this case, it appears that the host server is running ",
code(serverToken),
" instead of ",
code("NGINX"),
" as recommended. As such, you may not benefit from the latest security enhancements that are tested and maintained by the CryptPad development team.",
"admin_supportPrivTitle":"Clé privée de la messagerie de support",
"admin_supportPrivTitle":"Clé privée de la messagerie de support",
"admin_emailHint":"Entrez ici l'adresse email de contact pour votre instance",
"admin_emailHint":"Entrez ici l'adresse email de contact pour votre instance",
"admin_emailTitle":"Email de l'administrateur"
"admin_emailTitle":"Email de l'administrateur",
"form_poll_hint":"<i></i> : Oui, <i></i> : Non, <i></i> : Acceptable",
"fc_open_formro":"Ouvrir (en tant que participant)",
"admin_provideAggregateStatisticsHint":"Vous pouvez choisir de fournir des mesures d'utilisation supplémentaires aux développeurs, telles que le nombre approximatif d'utilisateurs enregistrés et quotidiens de votre instance.",
"admin_provideAggregateStatisticsLabel":"Fournir des statistiques agrégées",
"admin_blockDailyCheckLabel":"Désactiver la télémétrie du serveur",
"admin_blockDailyCheckHint":"Les instances CryptPad envoient un message au serveur de l'équipe de développement lors de leur installation et une fois par jour par la suite. Cela permet à l'équipe de savoir quelles versions du logiciel sont en circulation. Vous pouvez refuser cette collecte de données ci-dessous. Le contenu de ces messages peut être examiné dans le log du serveur d'application.",
"admin_blockDailyCheckTitle":"Télémétrie du serveur",
"admin_removeDonateButtonLabel":"Ne pas promouvoir la campagnes de financement",
"admin_removeDonateButtonHint":"Le développement de CryptPad est partiellement financé par des bourses et des dons publics. Faire de la publicité pour notre campagne de financement sur votre instance aide l'équipe de développement à continuer son travail. Vous pouvez désactiver ces notifications.",
"admin_removeDonateButtonTitle":"Participation au financement participatif",
"admin_consentToContactLabel":"Je consens",
"admin_listMyInstanceTitle":"Lister mon instance dans les répertoires publics",
"admin_listMyInstanceHint":"Si votre instance est destinée à un usage public, vous pouvez la répertorier dans les listes d'instances. La télémétrie du serveur doit être activée pour que cela ait un effet.",
"admin_listMyInstanceLabel":"Lister cette instance",
"admin_consentToContactHint":"La télémétrie du serveur comprend l'addresse email de l'administrateur afin que l'équipe de développement puissent vous informer de problèmes sérieux avec le logiciel ou votre configuration. Elle ne sera jamais partagée, vendue ou utilisée à des fins de marketing. Consentez à être contacté si vous souhaitez être informé des problèmes critiques concernant votre serveur.",
"admin_consentToContactTitle":"Consentement à la prise de contact",
"admin_updateAvailableHint":"Une nouvelle version de Cryptpad est disponible",
"admin_checkupHint":"CryptPad est doté d'une page qui diagnostique automatiquement les problèmes de configuration courants et suggère comment les corriger si nécessaire.",
"admin_checkupTitle":"Valider la configuration de l'instance",
"admin_updateAvailableButton":"Lire les notes de mise à jour",
"admin_cat_network":"Réseau",
"mdToolbar_embed":"Insérer un fichier",
"restrictedLoginPrompt":"Vous n'êtes pas autorisé à accéder à ce document. <a>Connectez-vous</a> si vous pensez que votre compte devrait y avoir accès.",
"settings_driveRedirectHint":"La redirection de la page d'accueil vers le drive lors de la connexion n'est plus automatique. L'ancien comportement peut être activé ci-dessous.",
"settings_driveRedirectTitle":"Redirection depuis la page d'accueil",
"form_anonymousBox":"Répondre de manière anonyme",
"form_page":"Page {0}/{1}",
"form_clear":"Effacer",
"form_addMultipleHint":"Ajouter plusieurs dates et heures",
"form_addMultiple":"Tout ajouter",
"form_anonymous_blocked":"Les réponses anonymes sont bloquées pour ce formulaire. Merci de vous <a href=\"/login/\">connecter</a> ou de vous <a href=\"/register/\">enregistrer</a> pour répondre.",
"form_add_item":"Ajouter un objet",
"form_add_option":"Ajouter une option",
"form_newItem":"Nouvel objet",
"form_newOption":"Nouvelle option",
"form_defaultItem":"Objet {0}",
"form_defaultOption":"Option {0}",
"form_anonymous_off":"Bloquées",
"form_anonymous_on":"Autorisées",
"form_anonymous":"Réponses anonymes",
"form_willClose":"Ce formulaire fermera le {0}",
"form_isClosed":"Ce formulaire a été fermé le {0}",
"form_isOpen":"Ce formulaire est ouvert",
"form_removeEnd":"Annuler la clôture",
"form_setEnd":"Date de clôture",
"form_open":"Ouvrir",
"form_isPrivate":"Les réponses sont privées",
"form_isPublic":"Les réponses sont publiques",
"form_makePublicWarning":"Êtes-vous sûr de vouloir rendre les réponses à ce formulaire publiques ? Cette opération ne peut pas être annulée.",
"form_makePublic":"Publier les réponses",
"form_invalidQuestion":"Questions {0}",
"form_invalidWarning":"Certaines résponses contiennent des erreurs :",
"form_input_ph_url":"https://exemple.fr",
"form_input_ph_email":"courriel@exemple.fr",
"form_notAnswered":"<b>{0}</b> réponses vides",
"form_answerWarning":"Identité non confirmée",
"form_answerName":"Réponse de {0} le {1}",
"form_backButton":"Retour",
"form_viewButton":"Voir",
"form_answerAnonymous":"Réponse anonyme le {0}",
"form_showSummary":"Voir le résumé",
"form_showIndividual":"Voir les réponses individuelles",
"form_form":"Formulaire",
"form_editor":"Éditeur",
"form_results_empty":"Il n'y a pas de réponses",
"form_results":"Réponses",
"form_answered":"Vous avez déjà répondu à ce formulaire",
"form_cantFindAnswers":"Vos réponses à ce formulaire n'ont pas pu être récupérées.",
"form_updateWarning":"Mettre à jour avec erreurs",
"form_submitWarning":"Envoyer avec erreurs",
"form_delete":"Supprimer",
"form_sent":"Envoyé",
"form_reset":"Effacer",
"form_update":"Mettre à jour",
"form_submit":"Envoyer",
"form_maxLength":"Limite de caractères : {0}/{1}",
"form_maxOptions":"{0} réponse(s) maximum",
"form_duplicates":"Les doublons ont été supprimés",
"form_description_default":"Votre texte ici",
"form_type_page":"Saut de page",
"form_type_md":"Description",
"form_sort_hint":"Veuillez faire glisser ces éléments par ordre de préférence de 1 à {0}.",
"form_type_sort":"Liste ordonnée",
"form_type_poll":"Sondage",
"form_type_multicheck":"Grille de cases",
"form_type_checkbox":"Cases",
"form_type_multiradio":"Grille de Choix",
"form_type_radio":"Choix",
"form_type_textarea":"Paragraphe",
"form_type_input":"Texte",
"form_default":"Votre question ici ?",
"form_text_number":"Nombre",
"form_text_email":"Email",
"form_text_url":"Lien",
"form_text_text":"Texte",
"form_textType":"Type de texte",
"form_pollYourAnswers":"Vos réponses",
"form_pollTotal":"Total",
"form_poll_switch":"Inverser les axes",
"form_poll_time":"Heure",
"form_poll_day":"Jour",
"form_poll_text":"Texte",
"form_editType":"Type d'option",
"form_editMaxLength":"Nombre maximum de caractères",
yflory
3 years ago