Gcm #106
Gcm #106
Conversation
|
Fixes #86? |
|
Can you sketch out what's going on with the crypto, divorced from the code? It looks like you're using a fraction of the pathname as a "salt" which you then call the IV? What properties do you expect that to have? |
|
@ekr The iv is also used as the file id, which is what we use to retrieve the file in the server-side code. The salt is not a parameter sent to the server (it follows the hash), and is used to encrypt/decrypt files. The aad is a separate field sent to the server by the uploader, for the sake of additional security. All of these values are random Uint8's created by the window.crypto module. The uploader uses the iv, salt, and aad to encrypt a file. The server sends the encrypted file to a receiver, who uses the iv and salt from the copy/pasted url, and the aad it gets from the server to decrypt the file in the browser. |
|
@abhinadduri I'm not really following. Do you have a wire protocol specification I can look at? |
server/portal_server.js
Outdated
| @@ -136,20 +137,24 @@ app.post('/delete/:id', (req, res) => { | |||
| }); | |||
|
|
|||
| app.post('/upload/:id', (req, res, next) => { | |||
There was a problem hiding this comment.
We no longer need the :id parameter in the upload url. new_id should be created at this level instead of in storage.js. It'd also be better to create meta.delete up here too. Ideally storage.js should only be concerned with saving and fetching the data from persistent storage and leaving the logic of what the data is and how it's created to something else (this function).
…eta.delete and newId out of storage module
frontend/src/fileReceiver.js
Outdated
|
|
||
| class FileReceiver extends EventEmitter { | ||
| constructor() { | ||
| super(); | ||
| this.salt = strToIv(location.pathname.slice(10, -1)); | ||
| this.salt = hexToArray(location.pathname.slice(10, -1)); |
There was a problem hiding this comment.
iv is coming from X-File-Metadata now so we shouldn't need this anymore.
frontend/src/fileSender.js
Outdated
| secretKey, | ||
| file.plaintext | ||
| ) | ||
| .catch(err => console.log('Error with encrypting.')), |
server/storage.js
Outdated
| const uuid = crypto.randomBytes(10).toString('hex'); | ||
|
|
||
| redis_client.hmset([id, 'filename', filename, 'delete', uuid]); | ||
| meta.id = id; |
There was a problem hiding this comment.
what is meta.id being used for? We probably don't need the old id that used to be iv anymore. If so we can remove it as a function parameter too
No description provided.