TECHNICAL NOTENovember 4, 2024

copypaste.fyi: Secure, Deterministic Clipboard Relay

The motivation behind copypaste.fyi: designing a low-latency edge-native relay for developers who live in tmux, and engineering short-lived encrypted token exchanges.

← Back to Blog

01 // THE MOTIVATION

If you live in the terminal, you know the pain of copying text from a remote server to your local machine. Maybe you are logged into a headless server over SSH via tmux, and you want to extract a 100-line stack trace or an API configuration block.

Using native mouse selections usually messes up tmux pane borders. Pasting into Slack or Discord exposes your data to corporate indexing and is slow. Setting up X11 forwarding or agent forwarding is brittle and complex.

I built copypaste.fyi to solve this friction once and for all. I wanted a developer-first clipboard relay that is faster than a browser bookmark and integrates natively with Unix pipelines:

$ cat logs.txt | curl -F "file=@-" https://copypaste.fyi
> Token: 829-104 (TTL: 5m, self-destructs on read)

02 // HIGH-LEVEL SECURITY & ARCHITECTURE

Security and privacy were non-negotiable. I did not want to host yet another database storing developers' secrets or code snippets indefinitely.

The service is designed around three strict principles:

  • Single-Use (Self-Destructing): As soon as the retrieval request completes, the data is wiped from memory. It can never be read twice.
  • Ephemeral TTLs: Snippets have a default time-to-live (TTL) of 5 minutes. If not retrieved, they vanish automatically.
  • Zero-Knowledge Encryption: When using the web client, snippets are encrypted using AES-GCM directly in the browser via the Web Crypto API before being uploaded. The encryption key is included in the URL hash fragment (e.g., https://copypaste.fyi/#key=...), which is never sent to the server. The server only sees ciphertext.

03 // UNDER THE HOOD: EDGE MEMORY

To achieve deterministic sub-20ms delivery, the relay is built on a serverless edge architecture:

# Vercel KV / Global Redis Cache

Data is held in globally replicated, memory-bound key-value storage. This guarantees that whether you are pushing from a server in Frankfurt or pulling from a terminal in Tokyo, latency remains extremely low.


# Short-Lived Token Generation

Tokens are randomly generated integers formatted as XXX-XXX. This gives a large enough keyspace for active, short-lived snippets while keeping typing friction to a minimum.

04 // VISUALIZING THE PROTOCOL CHOREOGRAPHY

The interactive visualizer below models this sequence step by step in a live 60 FPS HTML5 Canvas. Hovering and clicking the elements allows interactive inspection of the security pipeline:

COPYPASTE // SECURE_TUNNEL_ESTABLISHED
E2EE: X25519AEAD: CHACHA20
The protocol, step by step — hover entities to inspect variables (A public keys, Relay storage structure, B decay triggers). Click B to force self-destruction sparks, click the TTL bar to reset the countdown.
  • Double-Helix Key Exchange (KEX): The first phase demonstrates the Diffie-Hellman handshake. Hovering **Sender A** shows the public-key generation parameter formula $pk_a = sk_a \cdot G$ and renders a rotating vector arrow demonstrating elliptic curve point multiplication.
  • Cryptographic Storage (SEAL): The second phase simulates symmetric encryption. Hovering **RELAY** reveals its zero-knowledge architecture—it renders a secure encrypted payload grid and displays a locked data tooltip showing that the relay holds only ciphertext $c$.
  • Manual Self-Destruction (BURN): Hovering **Receiver B** details receipt token validation. **Clicking Box B** manually triggers the 50-spark physics self-destruction explosion, demonstrating the immediate memory erasure.
  • Time-To-Live countdown (TTL): Stretches across the right quadrant. Hovering the bar displays a reset countdown prompt, and **clicking the TTL bar** resets the countdown timer with a flash.

05 // CONCLUSION

copypaste.fyi simplifies terminal-to-browser data handoffs by keeping them command-line native, edge-fast, and end-to-end encrypted. It makes tmux-centric workflows feel fluid again.

Check out the repository at the copypaste.fyi GitHub Repository and use it at copypaste.fyi.