Pb
Security and privacy
The pb protocol should never be used for sending confidential or private information unencrypted.
All pastes are public, given one knows their URL. A less-guessable identifier may be obtained from pbpst using the -p option, but this does not provide real security or privacy.
Content of all pastes is always available to the operator of the service, and anyone who can access its servers.
The UUID is the only way to authenticate with a pb service. If one loses the UUID, there is no way to manage a paste. If an adversary gains access to the UUID, they have full access to the paste.
The pb protocol doesn't allow the recipient to reliably determine who has created a paste.
Server
Install the nodejs-gruntAUR and pb-gitAUR packages, and enable pb.service.
To configure the server, edit the /etc/uwsgi/pb.ini file.
Example: https://ptpb.pw
Client
For general usage of the command-line, see Bash and Core utilities.
curl
The curl package is available in the base group.
- Forms explained
  - -F/--form: This lets curl emulate a filled-in form in which a user has pressed the submit button. The @ sign forces the "content" part to be a file.
- ptpb.pw POST/
- HTML form (https://ptpb.pw/f)
command | curl -F c=@- https://ptpb.pw
or upload a file (including images):
curl -F c=@- https://ptpb.pw < file
pbpst
Install the pbpst package, or pbpst-gitAUR for the development version.
- man pbpst
- man pbpst_db
Pastes are created with -S, taking data from standard input by default. As such, shell pipes, here documents or here strings may be used. For example, to paste the output of the PRIMARY (selection) clipboard:
$ xclip -o | pbpst -S
A file can be uploaded with -Sf:
$ pbpst -Sf foo.txt
For all of the commands above, a response is received that contains a URL:
$ echo 'ArchLinux: livin’ on the edge!' | pbpst -S
https://ptpb.pw/qJrv
In this example, https://ptpb.pw/qJrv is the URL at which the paste is available.
Managing pastes
To manage a paste, one needs its UUID. These are stored in a local database located in $XDG_CONFIG_HOME/pbpst/db.json. Since it is inconvenient to search through the database manually, a descriptive message may be attached to a paste and then searched for from the command line. The example below creates a paste containing random text and then deletes it (-R option):
$ thePaste="$(cat /dev/urandom | tr -cd '[:print:]' | head -c 32)"
$ echo "$thePaste"
kzx['{}uOd6olc`(AZXJc*&q\^TH(plx
$ echo "$thePaste" | pbpst -S -m 'A random test message'
https://ptpb.pw/scrubbed
$ curl 'https://ptpb.pw/scrubbed'
kzx['{}uOd6olc`(AZXJc*&q\^TH(plx
$ pbpst -Dq test
deadbeef-dead-beef-dead-000000000000 https://ptpb.pw/scrubbed A random test message N/A
$ pbpst -Ru deadbeef-dead-beef-dead-000000000000
Paste deleted
$ curl 'https://ptpb.pw/scrubbed'
status: not found
$ pbpst -Dq test
Note that the paste is also removed from the local database, so -Dq can't find it.
One cannot manage pastes for which one does not have the UUID; this includes pastes that, upon creation, match already existing ones.
Expiration
By default, pastes are created with no expiration time. They will last as long as the service's operator lets them. The -x option may be used to set the number of seconds after which a paste should be removed:
$ thePaste="$(cat /dev/urandom | tr -cd '[:print:]' | head -c 32)"
$ echo "$thePaste"
cnf[HiC%Ybe't]4aSeIruw5hkB.h~i^B
$ echo "$thePaste" | pbpst -S -m 'A test message that expires after 60s' -x 60
https://ptpb.pw/scrubbed
$ date; curl 'https://ptpb.pw/scrubbed'
Tue Apr 12 19:11:41 CEST 2016
cnf[HiC%Ybe't]4aSeIruw5hkB.h~i^B
$ date; curl 'https://ptpb.pw/scrubbed'
Tue Apr 12 19:13:06 CEST 2016
status: not found
The expired pastes, while no longer available from the remote service, are still listed in the local database:
$ pbpst -Dq expires
deadbeef-dead-beef-dead-1111111111 https://ptpb.pw/scrubbed A test message that expires after 60s 1460481140
To prune them, -Dy should be used:
$ pbpst -Dy
$ pbpst -Dq expires
Shortening URLs
The -s option (lowercase -s) is used to create short URLs:
$ pbpst -s 'https://www.archlinux.org/'
https://ptpb.pw/HnSO
Signing pastes using GnuPG
Details on setting up and using GnuPG are available on the relevant Wiki page.
Clearsigning the output of a command:
$ command | gpg2 --clearsign | pbpst -S
gpg: using "FFFFFFFF" as default secret key for signing
https://ptpb.pw/scrubbed
$ curl 'https://ptpb.pw/scrubbed'
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

A signed message
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQEcBAEBCAAGBQJXDaNCAAoJEGEa8/dBnOWlUe4H/iviaH5Y4lx78ch5IyNSkRbp
Wzbk4aJsLYMj4idmE82Ligg4d7lZPK1q+65QZIygSeXm7Vo5/YzP7kztenHzxA0G
SvGuvML3RFwBtFb0AWqLE7Mt9zfq7PLSzhF6Qh87TklMSaluN86f5WSZmXca4SZG
BL6eRJtjy7TEWa7/hJc0b1pn851KTBqjYcX6T79UcyR3eE5KLUrqICrY5lVbq1Qm
UpstZWwgfPcchnoU2DfK3auxVRo37oHDT7N6VjEZyLP5ipbp6YPTLiCJhtjxhbLb
x+nNqFYS1USy8EFo/ftudrQSLfhMRVYuQYFalrNGK3r5dw9dAXv5gdiXIz5rsPI=
=FvyE
-----END PGP SIGNATURE-----
Since gpg2 allows one to input the message to be signed, the following command may be used to manually type data to be sent:
$ gpg2 --clearsign | pbpst -S
The drawback of using clearsigning is that the process is destructive: GnuPG includes no tool for removing the signature, and the signing may change end-of-line characters. An alternative approach is to use --sign --armour:
$ command | gpg2 --sign --armour | pbpst -S
or:
$ gpg2 --sign --armour | pbpst -S
The signature may then be verified and removed in one step with --decrypt:
$ echo 'A signed message' | gpg2 --sign --armour | pbpst -S
gpg: using "FFFFFFFF" as default secret key for signing
https://ptpb.pw/scrubbed
$ curl 'https://ptpb.pw/scrubbed' | gpg2 --decrypt
A signed message
gpg: Signature made Wed 13 Apr 2016 04:02:57 AM CEST using RSA key ID FFFFFFFF
gpg: Good signature from "-"
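Added example (not part of the original page or of pbpst): gpg prints "Good signature" for any key in the local keyring, so a recipient who wants to know who created a paste has to compare the signer's fingerprint with one obtained out of band. The script below does this using gpg's machine-readable status lines; the names signer_fpr and fetch_verified and the fingerprints are illustrative assumptions.

```shell
#!/bin/sh
# Added example: release a signed paste only when the signer is a pinned key.

# signer_fpr: read gpg status lines on stdin and print the primary-key
# fingerprint of the signer. Requires exactly one GOODSIG and one VALIDSIG, so
# signatures reported as BADSIG, EXPKEYSIG or REVKEYSIG are not accepted.
signer_fpr() {
    awk '$1 == "[GNUPG:]" && $2 == "GOODSIG"  { good++ }
         $1 == "[GNUPG:]" && $2 == "VALIDSIG" { n++; fpr = (NF >= 12) ? $12 : $3 }
         END { if (n == 1 && good == 1) print fpr; else exit 1 }'
}

# fetch_verified URL FINGERPRINT (hypothetical helper): print the paste body
# only if it is signed by the key whose fingerprint was obtained out of band.
fetch_verified() {
    url=$1
    want=$(printf '%s' "$2" | tr -d ' ' | tr 'a-f' 'A-F')
    tmp=$(mktemp -d) || return 1
    # Status goes to its own file, so paste content cannot forge status lines.
    curl -fsS "$url" | gpg2 --batch --status-file "$tmp/status" \
        --output "$tmp/body" --decrypt 2>/dev/null || :
    got=$(cat "$tmp/status" 2>/dev/null | signer_fpr) || got=
    if [ -n "$got" ] && [ "$got" = "$want" ]; then
        cat "$tmp/body"; rc=0
    else
        echo "rejected: signer '${got:-none}' is not the pinned key" >&2; rc=1
    fi
    rm -rf "$tmp"
    return "$rc"
}

# Constructed sample data: placeholder fingerprints, not real keys.
PIN=0123456789ABCDEF0123456789ABCDEF01234567
SUB=89ABCDEF0123456789ABCDEF0123456789ABCDEF
GOOD_STATUS="[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 89ABCDEF01234567 Alice (constructed)
[GNUPG:] VALIDSIG $SUB 2016-04-13 1460512977 0 4 0 1 8 00 $PIN"
BAD_STATUS="[GNUPG:] NEWSIG
[GNUPG:] BADSIG 89ABCDEF01234567 Alice (constructed)"
```

When the signature was made with a signing subkey, the last VALIDSIG field is the primary key's fingerprint, which is the value to pin.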