- cross-posted to:
- [email protected]
- [email protected]
- cross-posted to:
- [email protected]
- [email protected]
I’m working towards something for secure/private/simple P2P file transfer. It isnt as “simple” as it could be, im still working on it, but ive got it down to:
- Zero-installation as a PWA
- Zero-registration by using local-only storage
- P2P-authentication using WebCrypto API
- Fast data-transfer using WebRTC
It’s far from finished, but i think ive got it “usable” enough to ask for feedback on it.
I’m aware there are things like SFTP and several other established protocols and tools. I started doing this because I was learning about WebRTC and it seems suprisingly capable. This isnt ready to replace any existing apps or services.
(Note: I know you guys on lemmy are interested in open-source code. this project is a spin-off from a bigger project: https://github.com/positive-intentions/chat)
Let me know what you think about the app, features and experience you would expect from a tool like this.
There is no encryption?
the implementation is based on WebRTC which mandates encryption as part of the spec browsers have to confirm to.
in the app i have a concept of “contacts” in the app. when establishing a new contact, i use that webrtc channel to do a diffie-helman key-exchange (with RSA asymmetric keys used to exchange to AES symmetric keys). (im using vanilla os/browser cryptography tools as seen here: https://github.com/positive-intentions/cryptography/blob/staging/src/stories/components/Cryptography.tsx)
https://positive-intentions.com/docs/research/authentication
in my setup, all data that is being sent over webrtc, is already encrypted specific to a recipient. that encryption is a redundency over the WebRTC offering.
there is a performance hit with this redundency, but then allows me to have things like a way to verify public keys with a peer to prevent MITM vulnerbilities.
https://positive-intentions.com/blog/security-privacy-authentication