Trioxidation / Triox

A free file hosting server that focuses on speed, reliability and security.
GNU Affero General Public License v3.0
102 stars 14 forks source link

End to End Encryption #25

Open blmhemu opened 3 years ago

blmhemu commented 3 years ago

Is end-to-end encryption possible?

AaronErhardt commented 3 years ago

Not yet, but we're planning to introduce encryption with a rework of our storage API: #22

blmhemu commented 3 years ago

Thanks for pointing out the discussion. Regarding

Should the encryption be purely client-side instead? This would make things more efficient on the server side but protecting secrets like the private key inside a web application running in the web browser isn't easy.

I was thinking if something like https://www.etebase.com/ can be implemented or even better just use it as one of the backends. Also, Etebase has first class rust SDK support. (Although the backend itself is written in python)

AaronErhardt commented 3 years ago

@blmhemu I don't think that etebase is suitable for encrypted storage but it's still a good inspiration for a file sync protocol. I thought it might make sense to use both client-side and server-side encryption. Of course even server-side encryption would never allow an unencrypted public key to be stored on disk and only in memory to handle requests. Yet client-side encryption is still preferable but needs client libraries to work which is not so easy to integrate into a web front-end.