search

epoupon / fileshelter

FileShelter is a “one-click” file sharing web application
https://fileshelter-demo.poupon.dev
GNU General Public License v3.0
461 stars 35 forks source link

Encrypt password-protected files #38

Open ghost opened 4 years ago

ghost commented 4 years ago

It would be cool if files that are protected with a password would be encrypted on the server, or even better, end-to-end encrypted (the server will send the encrypted data for the client to decrypt themselves).

epoupon commented 4 years ago

End-to-end encryption is quite tricky. I think it would require the client to generate a key, encrypt the file, send the encrypted file, and create the link. The link would then contain both the identifier of the file and the key to be used to decrypt it.

I have very little js knowledge so not sure I can easily implement this myself in a reasonable amount of time :( (but I will happily help to)

krumelmonster commented 1 year ago

I'm neither qualified in javascript nor cryptography but OpenPGPjs with symmetric encryption and streaming seems like a very straightforward solution that leaves all cryptographic design to the very well established pgp encryption standard (in its slightly less famous symmetric mode). OpenPGPjs is a well known implementation in Javascript that has been independently audited.

The encryption password could either be user defined and typed in by the recipient of a file or generated on upload/encryption and added to download links via the fragment identifier.

Client side encryption in the web has been criticized for still requiring users to trust the server as it delivers the crypto code itself after all. I still believe this kind of encryption to be a very desirable feature aiding responsible admins in keeping their users data more safe. In any case care should be taken as to how to communicate this feature to users.

If I managed to wrap my head around wt I'd try to write a proof of concept for client side decryption of pgp files on the download page.

farfalleflickan commented 6 months ago

This would be really nice! Might have look into how to achieve this myself

farfalleflickan commented 4 months ago

I have made a small demo page (attached here). The javascript of it all is fairly simple actually - I have looked into it but not found a... straightforward way to add this to fileshelter because of Wt. Wt's non-clear distinction between server side and client side... confuses me.