Hansip: Simple file sharing with encryption for small/medium organization
This might be the most unexpected project I ever imagine before...
So, the company where I working now announcing an event for innovation awards, the competition is for the internal employees who have an idea for making our flow process become more efficient, in terms of cost, time spent or human resource.
I found myself thinking a lot, in the middle of the night to craft an Idea, but eventually stuck on safe file-sharing activities.
I know for that moment, the company trying to reach the ISO standard and I think we need to be more independent as we share our internal files through Gmail, Slack or any platform that we use in a daily basis, so we need a platform to share file with encrypted feature.
This means if we have an issue with the security, for example, getting breached or something like that, we have less worries about what happens next, or at least minimize the risk for our private data.
The Main Feature
After thinking some concept about how the application will be used, and imagine some use-cases. I need some features that need to be implemented.
- It must be a WebApp, where user can go there through the URL, creates an account (create the asymmetric key), and do file upload with a simple Drag-n-Drop.
- It must be able to ZIP the files with the password protection by default, where the ZIP encryption uses SHA-256 encryption (standard ZIP encryption supported by popular archive software like 7zip, winZip, winRar, etc.).
- It must produce the shortened link which later can be used for download the shared file. The download link is also protected by a password but could be optional as the ZIP file is already protected by password.
- Doing an encryption file encryption when the user choosing which members to open the file. This action will sign the file using the members public keys (the key generated at create account phase).
The Small Research
I'm not a security researcher, neither a person who know deeply about encryption, so I did a small research specifically to support on a file-encryption, then finally found a project called Age, which is currently registered as Community Cryptography Specification Project.
As the document mentioned
age is a modern file encryption format with multiple pluggable recipients, and seekable streaming encryption.
I found the encryption fits on my project, also it support asymmetric encryption which will be the main ingredient to do the encryption.
The Project: Hansip!
After some reading and simple iteration of POC (Prove of Concept), the project seems to long to get finished and registered for the event 😭 😭😭(innovation awards).
Don't wanna leave the project, I continue the development as my side-project as it's already started and getting more interesting in many ways.
Hansip is divided into two parts, one for the server backend which provides all services needed for API and the Encryption. The second one is the server web, a wrapper for HTML,CSS,JS Web Source and can be deployed separately for production.
All screenshots above are the small part of how the app works, by using drag-n-drop, asking for password and the last one is a simple page to download the encrypted files as a ZIP file (once the link is shared).
Where is the User Data Encryption Begins?
Some folks at reddit asked me where is the concept of that end-2-end encryption? since all of the data are saved on the server, and users sending no key/generated key for the encryption.
The answer is The User Password.
When user registering a new account, their password will be used to encrypt the asymmetric key (private key) which generated at the same time as user doing a POST registration, as You may see on the code at here.
After that moment, the server got public key and the private key.
Now everything related to the uploading document, images and any form of file will be encrypted using that public key, and only can be decrypted by the user private key.
When decrypt the private key (to decrypt the file), it requires a valid user password in the journey.
The public key also will be used if another registered users want to share their file to only specific people that they choose, it will simply sign the file by using choosen users public keys before saving the file.
Hopefully this project help You, whether You use it as an internal file-sharing with End-to-End encryption, or as an example to learn about End-to-End encryption software. Grab the latest version here and start playing! Cheers 🥂.