Ask HN: 我们搭建了一个具备加密打印和导出的气隙文档库
2 分•作者: KevinG777•6 个月前
Hi HN,
我们正在开发一个文档保险库,专为无法接受云端暴露的个人和组织设计。
该系统在某些方面刻意保持“无聊”:
• 无需账户
• 核心功能不依赖云端
• 完全离线运行
• 本地加密
• 气隙存储
• 加密导出和受控加密打印
我们之所以开始这个项目,是因为打印。在许多环境中,打印仍然不可避免,并且仍然是最大的数据泄露途径之一。大多数隐私工具都止步于存储,完全忽略了输出。
这并非旨在取代所有人的云存储。它适用于威胁模型假定以下情况的场景:
• 网络是恶意的
• 云账户最终会被攻破
• 有时必须牺牲便利性来换取控制权
我们明确声明:
• 并非“无法破解”
• 并非“军工级”
• 并非“零风险”
我们试图最小化攻击面和失效模式,而不是消除它们。
我们非常希望收到关于以下方面的反馈:
• 威胁模型的盲点
• 加密打印的假设
• 物理访问风险
• 更新和密钥管理策略
• 什么会让你立刻对它失去信任
如果这听起来像你永远不会使用的东西,那也是有用的反馈。
谢谢。
查看原文
Hi HN,<p>We are working on a document vault designed for people and organizations who cannot accept cloud exposure.<p>The system is intentionally boring in some ways:
• No required accounts
• No cloud dependency for core functionality
• Fully offline operation
• Local encryption
• Air-gapped storage
• Encrypted export and controlled, encrypted printing<p>The printing piece is why we started this. In many environments, printing is still unavoidable, and it remains one of the largest data-leak vectors. Most privacy tools stop at storage and ignore output entirely.<p>This is not meant to replace cloud storage for everyone. It is for cases where the threat model assumes:
• Networks are hostile
• Cloud accounts will eventually be compromised
• Convenience must sometimes be traded for control<p>We are explicitly not claiming:
• “Unhackable”
• “Military-grade”
• “Zero risk”<p>We are trying to minimize attack surface and failure modes, not eliminate them.<p>We would genuinely value feedback on:
• Threat model blind spots
• Encrypted printing assumptions
• Physical access risks
• Update and key management strategies
• What would make you immediately distrust this<p>If this sounds like something you would never use, that is also useful feedback.<p>Thanks.