A simple app which lets you share files securely :)
Several reasons:
What relaysecret aims for:
How do you "scan for viruses"? Do you send my files to VirusTotal?
After decrypting the content, a sha1 hash of the data is computed and sent back to our lambda to fetch the VirusTotal scan result for that hash. So PLEASE PLEASE PLEASE do not put a single line with your ultimate 5-character-long AD password in it if you worry someone may MITM your traffic, discover the sha1 and run a bruteforce on it.
Visit https://www.relaysecret.com/ to try it out.
This project has 3 parts:
Visit https://www.relaysecret.com/tunnel to try it out.
This mode lets you create a "room". By visiting the URL above in another browser or device and entering the same room name, users can share and decrypt files from the same room. Note that all files in a room will expire after 1 day.
Room mode does not generate the random temporary key material which you would otherwise find after the hash (#) in the URL. The key material here is simply the sha256 of the roomname itself, so in a way the roomname IS THE DEFAULT PASSWORD for files (if no extra password is used). Of course, same as before, the roomname or the tempkey stays in the browser and does not go back to the server.
Users are encouraged to add a password for extra protection. This password, same as before, will be used together with the sha256 value of the room name to make it much harder to bruteforce.
https://{server}/{object-key}#{key-material}
Note that the key-material never leaves the browser because it is behind the anchor tag (#). The user can choose to add their own password for extra security.

All cryptography operations are implemented using the Web Crypto API. Files are encrypted using AES-CBC 256-bit symmetric encryption. The encryption key is derived from the password and a random salt using PBKDF2 derivation with 10000 iterations of SHA256 hashing.
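The scheme described above and in the room-mode section, sketched with the Web Crypto API as an added example (not relaysecret's own code). The function names, the hex encoding of the room hash, the `keyMaterial + password` concatenation, the 16-byte salt and the `salt || iv || ciphertext` layout are assumptions made for illustration.

```javascript
// Added example, not project code. Works in a browser or in Node.
const wc = globalThis.crypto ?? require("node:crypto").webcrypto;
const enc = new TextEncoder();
const toHex = (buf) => [...new Uint8Array(buf)].map((b) => b.toString(16).padStart(2, "0")).join("");

// Room mode: the key material is SHA-256(room name), so anyone who knows
// or guesses the room name can recompute it. Hex encoding is an assumption.
async function roomKeyMaterial(roomName) {
  return toHex(await wc.subtle.digest("SHA-256", enc.encode(roomName)));
}

// PBKDF2 with 10000 iterations of SHA-256 -> AES-CBC 256-bit key, as the README states.
// Assumption: the PBKDF2 input is keyMaterial concatenated with the optional password.
async function deriveKey(keyMaterial, password, salt) {
  const base = await wc.subtle.importKey(
    "raw", enc.encode(keyMaterial + password), "PBKDF2", false, ["deriveKey"]);
  return wc.subtle.deriveKey(
    { name: "PBKDF2", salt, iterations: 10000, hash: "SHA-256" },
    base, { name: "AES-CBC", length: 256 }, false, ["encrypt", "decrypt"]);
}

async function encryptFile(plain, keyMaterial, password = "") {
  const salt = wc.getRandomValues(new Uint8Array(16));
  const iv = wc.getRandomValues(new Uint8Array(16));
  const key = await deriveKey(keyMaterial, password, salt);
  const ct = new Uint8Array(await wc.subtle.encrypt({ name: "AES-CBC", iv }, key, plain));
  const blob = new Uint8Array(32 + ct.length); // assumed layout: salt || iv || ciphertext
  blob.set(salt, 0); blob.set(iv, 16); blob.set(ct, 32);
  return blob;
}

async function decryptFile(blob, keyMaterial, password = "") {
  const key = await deriveKey(keyMaterial, password, blob.slice(0, 16));
  const iv = blob.slice(16, 32);
  return new Uint8Array(await wc.subtle.decrypt({ name: "AES-CBC", iv }, key, blob.slice(32)));
}

// Constructed demo data: a second visitor who only knows the room name can decrypt,
// unless the uploader also set a password.
async function demo() {
  const text = "quarterly-report contents", dec = new TextDecoder();
  const km = await roomKeyMaterial("team-room");
  const open = await decryptFile(await encryptFile(enc.encode(text), km), await roomKeyMaterial("team-room"));
  const locked = await encryptFile(enc.encode(text), km, "extra-pass");
  const withPw = await decryptFile(locked, km, "extra-pass");
  // AES-CBC has no integrity tag: a wrong key usually fails on padding, otherwise yields garbage.
  const openedWithoutPw = await decryptFile(locked, km).then((p) => dec.decode(p) === text, () => false);
  return { open: dec.decode(open), withPw: dec.decode(withPw), openedWithoutPw };
}
```

Calling `demo()` resolves to the plaintext for both legitimate cases and `openedWithoutPw: false` for the room-name-only attempt against the password-protected file.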
Backend can be deployed with terraform:
- Go into ./terraform/, copy terraform.tfvars.example to terraform.tfvars and add your own VirusTotal key as well as your AWS account ID
- Run terraform apply
- Note down the output, which contains the API address for our frontend.
- Modify ./frontend/assets/config.js with the API address above
Now you just need to test it by hosting the frontend code somewhere. Note that webcrypto is ONLY AVAILABLE from a "secure origin". Chrome requires the page to be loaded over "https" or from "localhost". To quickly test everything, you can use Python to host it locally with python3 -m http.server 8888 and visit localhost:8888 in the browser.
This project is licensed under the GPL-3.0 open source license.