Encrypted contact form that never exposes plaintext to your server

Navigation

Verified details

These details have been verified by PyPI
Maintainers
Avatar for grayguava from gravatar.com grayguava

Unverified details

These details have not been verified by PyPI
Meta
  • License: MIT License
  • Author: grayguava
  • Requires: Python >=3.8
Report project as malware

Project description

formseal

A server-blind, browser-native encrypted form poster.

Form submissions are encrypted in the browser using X25519 sealed boxes before reaching any endpoint. The backend receives and stores ciphertext prefixed with formseal. Decryption is operator-controlled.

formseal is not a hosted service, dashboard, or SaaS product. It is a drop-in client-side utility.

Installation

Via pipx (recommended)

pipx install formseal-embed

Via pip

pip install formseal-embed

Configure

fse configure quick

You'll be prompted for your POST endpoint and public key. See Getting started for key generation.

Security guarantee

If the POST endpoint is fully compromised, seized, or maliciously operated, previously submitted form data remains confidential.

Encryption happens in the browser. The backend stores ciphertext only. Decryption keys never exist in the backend environment. A backend compromise yields no recoverable plaintext.

Threat model

formseal is for environments where:

  • The hosting provider or backend may be compromised
  • The backend must be treated as hostile
  • Data seizure is a realistic concern
  • Retroactive disclosure must be prevented

The priority is backward confidentiality — protecting already-submitted data — not convenience or real-time administration.

How it works

On submit, formseal:

  1. Collects field values from your form by name attribute
  2. Validates them against your field rules (in fields.jsonl)
  3. Seals the payload with crypto_box_seal (Curve25519 + XSalsa20-Poly1305)
  4. POSTs ciphertext (prefixed formseal.) to your configured endpoint

Your endpoint stores the ciphertext. Only the holder of the private key can decrypt it.

Wire up your HTML

After fse init, files live in ./formseal-embed/. Reference them via your server's static path (e.g. /formseal-embed/globals.js).

<form id="contact-form">

  <!-- honeypot — hide off-screen with CSS -->
  <input type="text" name="_hp" tabindex="-1" autocomplete="off"
    style="position:absolute;left:-9999px;opacity:0;height:0;">

  <input type="text"  name="name">
  <span data-fse-error="name"></span>

  <input type="email" name="email">
  <span data-fse-error="email"></span>

  <textarea name="message"></textarea>
  <span data-fse-error="message"></span>

  <button type="submit" id="contact-submit">Send message</button>
</form>

<div id="contact-status"></div>

<script>
  window.fseCallbacks = {
    onSuccess: () => document.getElementById('contact-status').textContent = 'Sent securely.',
    onError:   (err) => console.error('formseal error:', err),
  };
</script>

<script src="/formseal-embed/globals.js"></script>

Payload format

{
  "version": "fse.v1.0",
  "origin": "contact-form",
  "id": "<uuid>",
  "submitted_at": "<iso8601>",
  "data": {
    "name": "...",
    "email": "...",
    "message": "..."
  }
}

The entire object is sealed with crypto_box_seal. Your endpoint receives ciphertext prefixed with formseal. as the request body.

No IP, no timezone, no fingerprints — just the data you explicitly collect.

Field configuration

Fields are defined in fields.jsonl (one JSON object per line):

{"name": {"required": true, "maxLength": 100}}
{"email": {"required": true, "type": "email"}}
{"message": {"required": true, "maxLength": 1000}}

Use the CLI to manage fields:

fse configure field add phone type:tel required:false
fse configure field required name true
fse configure field maxLength message 500
fse configure field remove company

CSS hooks

Selector When
[data-fse-error="field"] Populated with a validation error
[aria-invalid="true"] Set on invalid inputs
[data-fse-status="success"] Set on status element on success
[data-fse-status="error"] Set on status element on error

What formseal does not do

  • No admin dashboard or inbox UI
  • No hosted service
  • No bundled decryption tools (yet)
  • No npm dependencies at runtime

These are intentional.

Documentation

License

MIT

Project details

Verified details

These details have been verified by PyPI
Maintainers
Avatar for grayguava from gravatar.com grayguava

Unverified details

These details have not been verified by PyPI
Meta
  • License: MIT License
  • Author: grayguava
  • Requires: Python >=3.8

Release history Release notifications | RSS feed

3.7.0

3.6.0

3.5.0

This version

3.4.2

3.4.1

3.4.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

formseal_embed-3.4.2.tar.gz (13.8 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

formseal_embed-3.4.2-py3-none-any.whl (15.9 kB view details)

Uploaded Python 3

File details

Details for the file formseal_embed-3.4.2.tar.gz.

File metadata

  • Download URL: formseal_embed-3.4.2.tar.gz
  • Upload date:
  • Size: 13.8 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for formseal_embed-3.4.2.tar.gz
Algorithm Hash digest
SHA256 9290e6e6b728fde59395956aff89a69cec245b09ee9f53eba782322dc62bdcf0
MD5 a075f0d3ace27f93dae1a6fed01d993f
BLAKE2b-256 cbe546810a8116c012700a30ba83b88737af55ca11c6c49f3467416c7f32afcb

See more details on using hashes here.

Provenance

The following attestation bundles were made for formseal_embed-3.4.2.tar.gz:

Publisher: publish.yml on grayguava/formseal-embed

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file formseal_embed-3.4.2-py3-none-any.whl.

File metadata

  • Download URL: formseal_embed-3.4.2-py3-none-any.whl
  • Upload date:
  • Size: 15.9 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for formseal_embed-3.4.2-py3-none-any.whl
Algorithm Hash digest
SHA256 a3a5f5aaa973ec6c5415153e6515a767cc34a5195ab5e1b21ea98263887ea265
MD5 a9cac033a4b35224142d5e9663b40142
BLAKE2b-256 435d7e07c472dfacfbd9c823a52f1e144cabc3221d948c5995d35ddc7cac8559

See more details on using hashes here.

Provenance

The following attestation bundles were made for formseal_embed-3.4.2-py3-none-any.whl:

Publisher: publish.yml on grayguava/formseal-embed

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page