transfer.sh icon indicating copy to clipboard operation
transfer.sh copied to clipboard

Published 20 hours ago verified publisher icon dutchcoders

service side encryption for local backend

Open fnpanic opened this issue 3 years ago • 5 comments

Hi,

it would be great to have server side encryption for localbackend by passing a password as a header and then encrypting it with AES. On download the password should be passed to the server.

The server itself das not store the passwords and so has encryption at rest.

fnpanic avatar Feb 28 '22 22:02 fnpanic

hi @fnpanic

there is still open a PR I worked on long time ago: https://github.com/dutchcoders/transfer.sh/pull/162

there are some concerns having the encryption on server side since you have to trust the server obviously.

paolafrancesca avatar Mar 01 '22 12:03 paolafrancesca

@aspacca Thanks for your feedback! That is exactly what i was thinking about. The downsides are clear but it is really a good solution for encryption at rest.

Any chance to get this merged?

fnpanic avatar Mar 01 '22 14:03 fnpanic

@fnpanic revamped it

but I can see this: https://github.com/golang/go/issues/44226

@stefanbenten what do you think?

paolafrancesca avatar Mar 02 '22 13:03 paolafrancesca

I forgot: you can achieve the same goal with https://github.com/dutchcoders/transfer.sh#encrypt--upload

paolafrancesca avatar Mar 02 '22 13:03 paolafrancesca

Yes it does but if you download it form a windows box it is not very easy to decrypt it on the fly. That is why i think your patch is a great fit here.

fnpanic avatar Mar 02 '22 21:03 fnpanic