Security
Trust Assumptions
CryptPad is end-to-end encrypted and the server has no access to your data. However, as with any other web application, some entities still need to be trusted in order to guarantee security:
Your chosen CryptPad instance to
run the same code as the one published on GitHub,
not block your network messages, and
follow its terms of service and privacy policy.
Your collaborators not to forward sharing links to illegitimate third parties.
Under these assumptions, it is technically not possible for any of the following to read or modify your documents:
your chosen CryptPad instance,
any powerful adversary that can see your web traffic, or
any other user.
We maintain a list of public CryptPad instances to help you decide whom you want to trust.
Warning
CryptPad only provides a weak form of anonymity. Your chosen CryptPad instance can see your IP address and your "user agent" (browser and operating system).
If you need stronger anonymity guarantees, you can access CryptPad via Tor.
Document and folder passwords
Registered users
When you share the link to a document or folder over an insecure channel (for example by email or SMS), someone may intercept it and access the content. To prevent this, the owners of a document or folder can add a password.
When you share documents with your contacts and teams directly on CryptPad, communications are encrypted and we assume that you want to give them access. Therefore the password is remembered and sent with the document/folder when you share it. Neither the recipient nor you are asked for it when opening the document.
You can add a password to a document when creating it.
You can also add or change a password in the Access menu:
In CryptDrive: Right-click > Access.
In the document toolbar: Access.
Verifying contacts
Registered users
To verify a contact's identity, i.e., that a contact belongs to the person you think it does, you can compare the public signing keys:
Ask your contact to share their public key over a secure channel with you.
If this public key matches the one from your contact's profile page, you can be sure that the contact belongs to the person at the other end of the secure channel.
Self-destructing documents
Registered users
Self-destructing documents will be destroyed automatically without the interaction of any user. This ensures that sensitive data is not accessible forever.
There are two ways to create self-destructing documents:
You can set an expiration time during creation.
You can share a document via a view-once-and-self-destruct link.
Remote logout
Registered users
In some cases (stolen or lost hardware, a session left open on a shared computer, etc.) it can be useful to log out of all active CryptPad sessions. This can be done in two ways:
User menu (avatar at the top-right) > Settings > Confidentiality > LOG OUT.
This option logs out all remote sessions except the one from which it is activated.
User menu (avatar at the top-right) > Log out everywhere.
This option logs out all remote sessions including the one from which it is activated.
Remote content
In the Markdown editors (Code / Markdown, Slides, Kanban), CryptPad blocks images and other remotely hosted content to avoid any risk of tracking.
Registered users
To insert images from CryptDrive or to add new ones, use the Insert menu. This menu inserts a media-tag element, which is more complex than the Markdown image syntax but is handled automatically.
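A sketch of the kind of filter this section describes, as an added example that is not CryptPad's own code: it keeps images served from the instance's own origin and replaces every other image reference with a placeholder. The origin `https://cryptpad.example`, the function names and the sample document are assumptions made for illustration.

```javascript
// Added example: NOT CryptPad's code. ORIGIN is a hypothetical instance URL.
const ORIGIN = "https://cryptpad.example";

// Same-origin allowlist: let the WHATWG URL parser resolve the reference the
// way a browser would, then compare origins. This also catches "//host",
// "https:\\host" and mixed-case schemes that a simple prefix check misses.
function isSameOrigin(ref, origin = ORIGIN) {
  try {
    return new URL(ref.trim(), origin).origin === new URL(origin).origin;
  } catch (e) {
    return false; // unparsable reference: treat as untrusted
  }
}

// Markdown inline image: ![alt](url "optional title")
const MD_IMAGE = /!\[([^\]]*)\]\(\s*<?([^\s)>]+)>?(?:\s+"[^"]*")?\s*\)/g;
// Raw HTML image embedded in Markdown: <img ... src="url" ...>
const HTML_IMAGE =
  /<img\b[^>]*?\bsrc\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))[^>]*>/gi;

// Replace every image whose source is not same-origin with an inert text
// placeholder, and report what was blocked so the UI can tell the user.
function blockRemoteImages(markdown, origin = ORIGIN) {
  const blocked = [];
  const check = (whole, src) => {
    if (isSameOrigin(src, origin)) return whole;
    blocked.push(src);
    return "[remote image blocked]";
  };
  const text = markdown
    .replace(MD_IMAGE, (whole, _alt, src) => check(whole, src))
    .replace(HTML_IMAGE, (whole, a, b, c) => check(whole, a ?? b ?? c ?? ""));
  return { text, blocked };
}

// Constructed sample document (all hosts are placeholders).
const sample = [
  "![logo](/customize/logo.png)",
  "![pixel](https://tracker.example/p.gif?u=42)",
  "![rel](//tracker.example/x.png)",
  '<img src="HTTPS:\\\\tracker.example/y.png">',
].join("\n");
console.log(blockRemoteImages(sample));
```

This covers inline Markdown images and raw `<img>` tags only; reference-style images are not handled, so a production renderer would apply the same origin check to the rendered DOM and back it with a restrictive Content-Security-Policy `img-src`.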
Known caveats
No unique usernames
Neither the account name nor the display name is unique in CryptPad. This means that you cannot trust usernames to identify people. Instead, identify your contact via their public keys.
Edit rights in teams
Team members with edit access to a team's drive may share this access with other users both inside and outside the team. Team members may even convert folders into shared folders and delegate their access to anybody they want.
You therefore have to be careful about whom you grant edit rights to. You may also want to
set the role of a member to viewer and selectively share edit rights with this person.
use access lists to limit access to a file to specific contacts.
Access of former team members
The team communication is encrypted with static keys. This implies that a former team member still has the keys. A former team member can therefore potentially decrypt team messages and can also keep the same access to the team's documents as before. However, this requires modifying the client source code, as the official client neither stores the keys nor decrypts any messages of a team that the user is not part of.