Airshare icon indicating copy to clipboard operation
Airshare copied to clipboard

Published 20 hours ago verified publisher icon KuroLabs

Encrypted File transfer

Open nandahkrishna opened this issue 4 years ago • 3 comments

Adding this to Airshare improves security. @mohanpierce99 add details here, please.

nandahkrishna avatar Jun 05 '20 08:06 nandahkrishna

#17 has to be implemented first before attempting this issue. Files have to be encrypted with AES-256 with a strong key derived from a password-based key derivative function along with HMAC Integrity (hashlib.pbkdf2_hmac).

Every transfer should be encrypted regardless of the password feature being used or not. So the Airshare code is pre-set as the default password for the file else the password given by the user is used.

mohanpierce99 avatar Jun 05 '20 10:06 mohanpierce99

I'm no security expert, but could you wrap the entire data streaming into another (encrypted) protocol, like TLS to ensure secure transport?

That way you wouldn't have to come up with your own protocol and/or encryption and you could use an existing implementation (for example libressl).

JulianGmp avatar Jun 06 '20 10:06 JulianGmp

I know but will tls work in HTTP tho, given we have a web interface that allows you to download and upload. So as this isn't https, I'm still skeptical over this decision

mohanpierce99 avatar Jun 06 '20 12:06 mohanpierce99