Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Encrypt password-protected files #38

Open
ghost opened this issue Jul 22, 2020 · 4 comments
Open

Encrypt password-protected files #38

ghost opened this issue Jul 22, 2020 · 4 comments
Labels
enhancement

Comments

@ghost
Copy link

ghost commented Jul 22, 2020

It would be cool if files that are protected with a password would be encrypted on the server, or even better, end-to-end encrypted (the server will send the encrypted data for the client to decrypt themselves).
@epoupon
Copy link
Owner

epoupon commented Jul 23, 2020

End-to-end encryption is quite tricky. I think it would require the client to generate a key, encrypt the file, send the encrypted file, and create the link. The link would then contain both the identifier of the file and the key to be used to decrypt it.

I have very little js knowledge so not sure I can easily implement this myself in a reasonable amount of time :( (but I will happily help to)

@krumelmonster
Copy link

krumelmonster commented Jan 29, 2023
edited

I'm neither qualified in javascript nor cryptography but OpenPGPjs with symmetric encryption and streaming seems like a very straightforward solution that leaves all cryptographic design to the very well established pgp encryption standard (in its slightly less famous symmetric mode). OpenPGPjs is a well known implementation in Javascript that has been independently audited.

The encryption password could either be user defined and typed in by the recipient of a file or generated on upload/encryption and added to download links via the fragment identifier.

Client side encryption in the web has been criticized for still requiring users to trust the server as it delivers the crypto code itself after all. I still believe this kind of encryption to be a very desirable feature aiding responsible admins in keeping their users data more safe. In any case care should be taken as to how to communicate this feature to users.

If I managed to wrap my head around wt I'd try to write a proof of concept for client side decryption of pgp files on the download page.

@farfalleflickan
Copy link

This would be really nice! Might have look into how to achieve this myself

@farfalleflickan
Copy link

farfalleflickan commented Mar 29, 2024
edited

I have made a small demo page (attached here). The javascript of it all is fairly simple actually - I have looked into it but not found a... straightforward way to add this to fileshelter because of Wt. Wt's non-clear distinction between server side and client side... confuses me.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@farfalleflickan @epoupon @krumelmonster