Today we are releasing the first cut of Lockbox, an application for creating simple encrypted web forms! Lockbox arose out of our work helping with mutual aid funds, where community groups were looking for better privacy guarantees for applicants and their personal info than mainstream hosted alternatives.
Lockbox consists of a desktop app for managing encryption/decryption keys and a web app for receiving and encrypting form submissions. If an attacker gets read-only access to the server where the form is hosted (via vulnerable co-hosted apps or weaknesses in shared host configuration), they are unable to decrypt the submitted data. Only the private key holder can decrypt submissions, and the private key file can be kept offline and only shared with people who should have access to submissions.
Lockbox is a barebones app right now, making it easy for us to audit for security while being flexible for customization. We’ll be adding features over time, prioritized according to feedback. We are also investigating creating a hosted version. If you would be interested in a hosted version or have any other feedback, please get in touch!.
As with everything we make, Lockbox is free and open source. If you’d like to support our work, please consider donating!