PacCrypt

Important

Dev branch pushed to main, in this state it works but has its issues PacCrypt is still in the beginning stages of development. PacCrypt has not been examined for vulnerabilities yet. Due to this, PacCrypt and PacShare are not recommended for PII or sensitive information. User discretion is advised.

PacCrypt is used for text encoding and decoding (using a basic Cypher), text and file encrypting and decrypting (using AES-GCM more algorithms coming) — built with Flask, JavaScript, and AES-GCM encryption.
Built in admin control panel, GitHub updater, and a Pac-Man like game! 🕹️

---

Note

Windows as a server host is not offically supported. Some features may not work, or work incorrectly, if hosted on Windows. It is recommended to host the server on Linux. PacCrypt Server has been tested on Debian and Arch. The official server is hosted using Debian.

Features

• 🔒 Basic Cypher for Text
• 🔐 AES Encryption for Text & Files
• 📁 PacShare for Encrypted File Sharing
• 🔑 Random Password Generator
• 🎮 Pac-Man Like Game — type pacman into input
• 🧾 Admin Panel:
  • Site map with live route list
  • Server restart & GitHub update button
  • Admin credential management
  • Server logs & upload cleanup
  • Server Settings
• 📜 Error Landing Pages
• 📱 Mobile UI

---

Installation

Prerequisites

• Python 3.7+
• Flask 3+
• Cryptography 42+
• Waitress 2.1+
• Git
• Nginx (Recommended)

---

⚡ Quick Setup

git clone https://github.com/TySP-Dev/PacCrypt-Webapp.git
cd PacCrypt-Webapp
python -m venv venv
source venv/bin/activate
pip install -r requirements.txt

Then run:

• Development Mode:

  ./start_dev.sh
  

• Production Mode:

  ./start_prod.sh
  

Visit http://127.0.0.1:5000 or http://localhost:5000 - If you are on the host system

Visit http://hosts_private_ip - If you are not on the host system but on the same network

Visit http://hosts_public_ip:5000 - If you are not on the host system but on a different network

---

Navigation & Usage

🔑 Generate Passwords

• Click Generate
• Boom a Password
• Note: This is also used as a seed generator for the Pac-Man like game

🔐 Encrypt & Decrypt

• Choose between Basic Cipher or Advanced AES
• Select mode using toggle (Encrypt/Decrypt)
• Type your message or upload a file
• Enter password (Advanced AES)
• Hit Execute
• Boom Encrypted/Decrypted Text/File

📤 Share Files

• Upload a file with two passwords:
  • Encryption password
  • Pickup password
• Get a shareable URL and click Copy Link

🎮 Pac-Man like Game

• Type pacman in the input box
• Arrow key and Swipe controls
• Game restarts and a new seed is generated once all dots are gone

---

🛠️ Admin Panel

Visit /adminpage

Note

You will be redirected to /admin-setup if you have not set a username and password yet.

Features:

• 🔄 Restart server
• 🔃 Update from GitHub (git pull)
• 🧽 Clear PacShare uploads
• 🔐 Change admin password
• 📝 View logs
• ⚙️ Adjust upload settings

---

🛡️ Deployment Tips

The official PacCrypt host is Debian minimal install.

HTTP Nginx config (Not recommended):

server {
    listen 80;
    server_name yourdomain.com; #<-- Your URL here

    # Basic Privacy-Respecting Logging
    access_log off; #<-- set to syslog:server=unix:/dev/log; for logging
    error_log syslog:server=unix:/dev/log crit; #<-- Currently set for only critical logs, remove crit for all logs

    # Hardened Proxy Settings
    location / {
        proxy_pass http://127.0.0.1:5000;

        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        proxy_http_version 1.1;
        proxy_set_header Connection "";

        # Timeouts
        proxy_connect_timeout 5s;
        proxy_send_timeout 30s;
        proxy_read_timeout 30s;
    }

    # Basic Hardening Headers
    add_header X-Frame-Options "DENY" always;
    add_header X-Content-Type-Options "nosniff" always;
    add_header Referrer-Policy "no-referrer" always;
    add_header Permissions-Policy "geolocation=(), microphone=()" always;

    # Prevent Abuse
    client_max_body_size 10M;
    keepalive_timeout 10;
    server_tokens off;
}

HTTPS Nginx config (Recommended):

# Redirect HTTP to HTTPS
server {
    listen 80;
    server_name yourdomain.com; #<-- Your URL here

    # Basic Privacy-Respecting Logging
    access_log off; #<-- set to syslog:server=unix:/dev/log; for logging
	error_log syslog:server=unix:/dev/log crit; #<-- Currently set for only critical logs, remove crit for all logs

    location / {
        return 301 https://$host$request_uri;
    }
}

# HTTPS Server Block
server {
    listen 443 ssl http2;
    server_name yourdomain.com;

    ssl_certificate path/to/yourdomain.com.cert; #<-- Could also be .cert.pem
    ssl_certificate_key path/to/yourdomain.com.key; #<-- Could also be .key.pem

    # SSL Hardening
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers 'TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384';
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;

    # Strong security headers (adjust as needed)
    add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;
    add_header X-Content-Type-Options nosniff always;
    add_header X-Frame-Options DENY always;
    add_header Referrer-Policy "no-referrer" always;
    add_header Permissions-Policy "geolocation=(), camera=()" always;
    add_header X-XSS-Protection "1; mode=block" always;

    # Basic Privacy-Respecting Logging
    access_log off; #<-- set to syslog:server=unix:/dev/log; for logging
	error_log syslog:server=unix:/dev/log crit; #<-- Currently set for only critical logs, remove crit for all logs

    client_max_body_size xG; #<-- Change to what the max upload for PacCrypt Share

    # Reverse proxy to Flask
    location / {
        proxy_pass http://127.0.0.1:5000;
        proxy_set_header Host $host;

        # Comment these out if you want complete anonymity between client and app
        # proxy_set_header X-Real-IP $remote_addr;
        # proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # proxy_set_header X-Forwarded-Proto $scheme;

        # Optional privacy: strip identifying headers
        proxy_hide_header X-Powered-By;
    }
}

---

🗂️ Project Structure

PacCrypt/
├── app.py
├── requirements.txt
├── README.md
├── templates/
│   ├── index.html
│   ├── 404.html
│   └── 403.html
│   └── 500.html
│   └── admin.html
│   └── admin_login.html
│   └── admin_settings.html
│   └── admin_setup.html
│   └── pickup.html
├── static/
│   ├── css/
│   │   └── styles.css
│   ├── js/
│   │   └── ui.js
│   │   └── pacman.js
│   │   └── main.js
│   │   └── fileops.js
│   │   └── encryption.js
│   ├── img/
│   │   └── PacCrypt.png
│   │   └── Github_logo.png
│   │   └── sitemap.png
│   ├── fonts/
│   │   └── PressStart2P-Regular.ttf
│   └── audio/
│       └── chomp.mp3
├── start_dev.bat
├── start_prod.bat
├── start_dev.sh
├── start_prod.sh