End-to-End Encryption in Paste Pal

Paste Pal đź“‹ implements end-to-end encryption (E2EE) to ensure clipboard content remains secure and private between participants. All messages are encrypted on the client side, and the server only stores ciphertext.

Architecture

Each client generates a persistent identity key pair and a set of one-time pre-keys. These keys allow clients to establish secure pairwise sessions with other participants. The server acts purely as a message relay and never sees plaintext.

Client Aidentity, signedPreKey, one-time pre-keysClient Bidentity, signedPreKey, one-time pre-keysfetch bundle → X3DH handshakePairwise session (ratcheting)

Pairwise Encryption

In a room with N clients, each client establishes a separate encrypted session with every other client, resulting in N * (N - 1) / 2 unique pairwise sessions. Messages are encrypted individually for each recipient and sent via the server.

ABCDE

One-Time Pre-Keys

One-time pre-keys allow a new client to establish a secure session with any existing client, even if the recipient is offline. Each pre-key is consumed once, preventing replay attacks and ensuring forward secrecy.

Message Flow

When a client updates the clipboard:

  • The client encrypts the new content separately for each session.
  • The encrypted message is sent to the server, which stores it temporarily.
  • Each recipient decrypts the message using their session key.

Client Aencrypt per peerSupabase (ciphertext)store & realtime pub/subClient Bdecrypt with sessionciphertextdeliver

Forward Secrecy and Security

Using Signal Protocol’s double ratchet algorithm, sessions automatically update keys after each message. Even if a session key is compromised, past messages remain secure.

Conclusion

Paste Pal’s E2EE design ensures that clipboard content remains private across all participants. The server never has access to plaintext, and dynamic key management allows new clients to join securely at any time.