Please Note: 05-29-2023

Please note, as of 05-29-2023 this document is a work-in-progress and will updated relatively often.

Information is only partially complete.

What Is LibreStore?

It's FOSS (Fully Open Source Software) which provides the fastest and easiest and secure way to store data from your web apps.

Fastest, Easiest? Show Me An Example

Without knowing anything else you can create post your data using the following LibreStore WebAPI call: is the first test data-Change it to your unique message.&hmac=fake hmac&iv=fake iv&intent=fake-test

Clicking Link Really Saves Data

Yes, clicking that link actually saves the associated data to LibreStore.

When you run that command you'll see a new tab / window popup and provide you with a result. If all goes well, then you will receive a success: true and new buckeId value that indicates the id for the data you just saved.

It will look something like the following (except your bucketId will be different):

Test Data Will Be Deleted

Please note that test data will be deleted on a random schedule.

Can You Retrieve / See The Data?

Yes, you can see the data you saved with the GET request above by clicking the following link:

Note: This pops open a new tab. If you have a popup blocker it may not allow it.

Bad BucketIds Handled?

Yes, if you enter an invalid bucketId, you'll see that the success object returns with a value of false.

Also, if you provide a MainToken Key which does not own the BucketId then it will not be returned either.

How Is My Data Made Secure?

Here's what you need to know about securing your (or your user's) data.

  1. All data is intended* to be encrypted on the Client side
  2. The LibreStore developer provides you with various client-side algorithms which will allow you to use AES256 Authenticated Encryption to insure your data is always encrypted with a pass-phrase that only you know.
  3. Authenticated Encryption insures the encrypted data has not been corrupted or tampered with via HMAC (Hashed Message Authentication Code). This means your client-side code _should_ generate an HMAC and securely generated random IV (Initiliazation Vector) which will be stored (in LibreStore's db) along along with the data so you can verify data has not been corrupted or tampered with.
  4. However, if you choose not to encrypt your data and you store it as clear-text in the LibreStore database, LibreStore is not responsible if your data is stolen and/or used for malicious purposes.
  5. Of course, there will be much more explanation about how to properly encrypt your data and how all of this works.

What Technology Is LibreStore Built On

It's a .NET Core 6.x/7.x WebAPI written in C#.

It uses a Sqlite Database to store the user's data.

Where Can I See the Source Code?

At my GitHub repo: LibreStore source at GitHub

Are There Any Projects That Use LibreStore

C'YaPass: The FOSS Password Generator & Manager

C'YaPass uses it to encrypt (using Authenticated Encryption & AES256, of course) the user's Site-Keys when the user decides to store them for retrieval from any other system. The Site-Keys are encrypted with a password that only the user knows and they cannot be decrypted unless the proper password is used.

You can try the Web version of C'YaPass^ at the official site.

You can get the Android app at:

You can get the Windows App at:

You can get the Linux App at:

You can see the source code of C'YaPass built on ElectronJS which is cross-platform at:

You can see all of the source code for C'YaPass at: