A file-sharing app providing end-to-end encryption of data.

Overview

secsend

secsend is a file-sharing app providing end-to-end encryption of data. It provides a web application and a command-line interface (CLI).

It has some unique features:

  • on-the-fly encryption and decryption in the browser. For instance, a movie can be directly decrypted in the browser without having to be downloaded first.
  • multi-file upload: on-the-fly creation of Zip archives (without creating any temporary archive; webapp only)
  • pause & resume uploads
  • automatic upload resuming when the connection fails or times out (webapp only)
  • lightweight web application (HTML/CSS/JS in less than 100kb)

On top of that, it supports more classical features, like file size limitation & timeout.

Please also read the security considerations section before deployment and usage.

The backend & CLI are written in Python. The web application is written in TypeScript.

Server installation & configuration

Quick'n'dirty

To quickly try secsend, you can run a server directly from your shell:

$ pip install secsend_api secsend_webapp
$ sanic secsend_api.prod.app -p 8000

You can now access secsend by going to http://127.0.0.1:8000.

Not installing secsend_webapp will disable the webapp. Only the command line interface will work.

By default, uploaded files will be saved in the directory secsend_root, relative to the current directory. See the configuration section on how to change this behavior, along with other options (file size & time limit).

Run with Docker

Copy docker.env.example to docker.env, and modify its content to configure secsend (e.g. file size limit).

Then, run secsend with docker:

# docker run --env-file docker.env -p 8000:80 -v /path/to/data/storage:/data aguinet/secsend:v1.0.0

/path/to/data/storage will contain the uploaded files and associated metadata.

If you have changed SECSEND_LISTEN_PORT in docker.env, change the -p option accordingly.

You can now open http://127.0.0.1:8000 to access secsend!

Run with systemd

Let's say you want to run secsend on a server using systemd, under the user www-send.

First, create a Python virtualenv and install secsend:

$ virtualenv secsend_venv && . secsend_venv/bin/activate
$ pip install secsend_api secsend_webapp

Then, declare the secsend service in systemd, by creating the file /etc/systemd/system/secsend.service with this content:

[Unit]
Description=secsend

[Service]
# Command to execute when the service is started
ExecStart=/path/to/secsend_venv/bin/sanic secsend_api.prod.app -p 8000 -H 127.0.0.1

# Disable Python's buffering of STDOUT and STDERR, so that output from the
# service shows up immediately in systemd's logs
Environment=PYTHONUNBUFFERED=1
Environment=SECSEND_BACKEND_FILES_ROOT=/path/to/data/storage

Restart=always
User=www-send

[Install]
WantedBy=multi-user.target

/path/to/data/storage must be writable by the www-send user. See the configuration section for other environment variables you can declare to configure secsend.

Finally, enable & run the secsend service:

$ systemctl enable --now secsend.service

secsend is now accessible at http://127.0.0.1:8000.

Configuration

secsend can be configured through various environment variables:

  • SECSEND_FILESIZE_LIMIT: maximum file size in bytes. 0 means no limit.
  • SECSEND_TIMEOUT_S_VALID: valid time limits, as a comma-separated list of seconds. 0 seconds means no limit.
  • SECSEND_BACKEND_FILES_ROOT: path to secsend's data storage
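
A pre-deployment check for these three variables, as an added example that is not part of secsend: it reads a Docker-style env file and flags the "0 means no limit" settings and a relative or missing storage path. The function names and the sample file contents are constructed for illustration.

```python
import os.path

def parse_env_file(text):
    """Parse KEY=VALUE lines as used by `docker run --env-file`; '#' lines are comments."""
    env = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        env[key.strip()] = value.strip()
    return env

def audit_secsend_env(env):
    """Return a list of findings for the variables documented above."""
    findings = []
    size = env.get("SECSEND_FILESIZE_LIMIT")
    if size is None:
        findings.append("SECSEND_FILESIZE_LIMIT unset: set an explicit limit")
    elif not size.isdigit():
        findings.append("SECSEND_FILESIZE_LIMIT is not a byte count: %r" % size)
    elif int(size) == 0:
        findings.append("SECSEND_FILESIZE_LIMIT=0: upload size is unbounded")

    timeouts = env.get("SECSEND_TIMEOUT_S_VALID")
    if timeouts is None:
        findings.append("SECSEND_TIMEOUT_S_VALID unset: set explicit time limits")
    else:
        values = [v.strip() for v in timeouts.split(",")]
        bad = [v for v in values if not v.isdigit()]
        if bad:
            findings.append("SECSEND_TIMEOUT_S_VALID has non-integer entries: %r" % bad)
        elif any(int(v) == 0 for v in values):
            findings.append("SECSEND_TIMEOUT_S_VALID accepts 0: files may never expire")

    root = env.get("SECSEND_BACKEND_FILES_ROOT")
    if not root:
        findings.append("SECSEND_BACKEND_FILES_ROOT unset: falls back to ./secsend_root")
    elif not os.path.isabs(root):
        findings.append("SECSEND_BACKEND_FILES_ROOT is relative to the working directory")
    return findings

# Constructed sample, not the project's docker.env.example.
SAMPLE_ENV = """\
# permissive settings
SECSEND_FILESIZE_LIMIT=0
SECSEND_TIMEOUT_S_VALID=3600,86400,0
SECSEND_BACKEND_FILES_ROOT=data
"""

if __name__ == "__main__":
    for finding in audit_secsend_env(parse_env_file(SAMPLE_ENV)):
        print("WARN", finding)
```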

Command line usage

Installation

$ pip install secsend

Upload a file

$ secupload myvideo.mp4 https://send.domain.com

secupload will generate two links:

  • an administration link that can be used to resume or delete this file
  • a download link you can give to the recipients of this file

Use the -c flag to resume an upload, using an administration link:

$ secupload -c myvideo.mp4 'https://send.domain.com/dl?id=XXXXXX#YYYYY'

Download a file

$ secdownload 'https://send.domain.com/dl?id=XXXXXX#YYYYY'

By default, the original filename will be used as the destination filename. Use -o to override this.

Delete an uploaded file

$ secadmin -d 'https://send.domain.com/dl?id=XXXXXX#YYYYY'

You need to use an administration link for this to work.

Security considerations

Attack models

Passive attacker

In this attack model, we consider that the attacker has access to the files that the server receives.

In this model, end-to-end encryption is effective, as the server (in theory) does not hold any secret that would let it decrypt or tamper with the transmitted files. Nor can the attacker inject malicious JavaScript, unlike in the active attacker model described below.

Active attacker

In this attack model, the attacker has full control over the server, or over communications between clients and the server. This means the attacker can, among other things, deliver compromised JavaScript to clients.

Web application

In the active attacker model, where we consider that the server is compromised and/or malicious, compromised JavaScript can be shipped to clients. That JavaScript code could thus leak decryption keys to the attacker.

This is a general and known problem with web applications that perform client-side encryption.

For setups that need a high level of confidentiality and do not want to trust the server secsend is deployed onto, it is highly recommended to use the command line interface for both the sending and receiving parties.
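
One way to spot-check the risk described above, as an added example that is not part of secsend: hash a trusted copy of the web assets (for instance, those unpacked from the secsend_webapp package) and compare them with what the server actually returns. The asset names and contents below are constructed, and because a server under attacker control can serve different files to different clients, the result only vouches for the responses that were checked.

```python
import base64
import hashlib

def sri(data):
    """Subresource-Integrity-style digest (sha384, base64) of one asset."""
    return "sha384-" + base64.b64encode(hashlib.sha384(data).digest()).decode()

def build_manifest(assets):
    """Map asset path -> digest, computed from a trusted copy of the webapp."""
    return {path: sri(body) for path, body in assets.items()}

def audit_served(manifest, served):
    """Compare the bodies a server returned against the trusted manifest."""
    report = {"modified": [], "unexpected": [], "missing": []}
    for path, body in sorted(served.items()):
        if path not in manifest:
            report["unexpected"].append(path)   # file the trusted copy never had
        elif sri(body) != manifest[path]:
            report["modified"].append(path)     # same name, different bytes
    report["missing"] = sorted(set(manifest) - set(served))
    return report

# Constructed sample data: hypothetical asset names and contents.
TRUSTED = {
    "index.html": b"<script src='main.js'></script>",
    "main.js": b"/* trusted build */",
    "style.css": b"body { margin: 0 }",
}
SERVED = {
    "index.html": b"<script src='main.js'></script>",
    "main.js": b"/* trusted build */ /* altered in transit or on the server */",
    "extra.js": b"/* not in the trusted copy */",
}

if __name__ == "__main__":
    for kind, paths in audit_served(build_manifest(TRUSTED), SERVED).items():
        for path in paths:
            print(kind.upper(), path)
```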

Comments
  • build(deps): bump loader-utils from 2.0.2 to 2.0.3 in /webapp

    Bumps loader-utils from 2.0.2 to 2.0.3.

    Release notes

    Sourced from loader-utils's releases.

    v2.0.3

    2.0.3 (2022-10-20)

    Bug Fixes

    • security: prototype pollution exploit (#217) (a93cf6f)

    dependencies javascript 
    opened by dependabot[bot] 1
  • build(deps): bump loader-utils from 2.0.2 to 2.0.4 in /webapp

    Bumps loader-utils from 2.0.2 to 2.0.4.

    Release notes

    Sourced from loader-utils's releases.

    v2.0.4

    2.0.4 (2022-11-11)

    Bug Fixes

    v2.0.3

    2.0.3 (2022-10-20)

    Bug Fixes

    • security: prototype pollution exploit (#217) (a93cf6f)

    dependencies javascript 
    opened by dependabot[bot] 0
Releases(v1.0.0)
Owner
Adrien Guinet