Christoph Wiechert

So you mean pushing the password over the wire is more secure than decrypting on client side? Imho right if the password itself is weak. For me both solutions are...

hmm no http://localhost:3000/2507a65aac91 does not require a password - it renders the download-app, fetches the json and require the user to enter the password to decrypt the json

pls review

It's all somewhat like a workaround cause the support of [FileWriter API](https://caniuse.com/filesystem) is still not supported on FireFox and Safari so real E2E encryption is hard to implement (I've no...

> I think it's definitely possible to use the old mechanism (where the client fetch the .json file) and still use client side decryption, but the user woule receive the...

> Then any attacker could download AES encrypted uploaded files and then crack them offline, because no password was required to download these encrypted files. There is **NO** encryption of...

I looked at this topic. Unfortunately S3 is optimal for tus.io, see http://tus.io/blog/2016/03/07/tus-s3-backend I leave this topic open and will deal with it more intensively as long as it is...

PR welcome :p

As mentioned in other tickets: This needs an SMTP server which needs more config and installation knowledge so I want to keep PsiTransfer simple. I'll leave this ticket open for...

Note +3 from #27