Simple file hosting for the paranoid.
The entire codebase is licensed under AGPL unless explicitly stated otherwise.
As mentioned in the intro, files can be encrypted client-side before uploading. The algorithm used for this is AES in GCM mode with a random 128-bit key.
The key is included in the hash portion of URL. Web browsers don't forward this part to the server, but can still use it in their JavaScript code to perform decryption of the file.
The web client uses SJCL for the AES implementation. The CLI client uses the AES implementation in Go's standard library (crypto/cipher and crypto/aes)
Contributions are greatly appreciated. If you plan on making some big changes, please open an issue to discuss it first. I'm trying to keep this service as simple as possible so the chance of big changes getting merged in without any prior discussion is very low.
TODO
- Go 1.5 or newer (for vendoring support)
Yes, you do. The server could suddenly start serving a broken version of the crypto library or malicious JavaScript code that steals the key without you noticing.
To not delete your files? Yes. Other than that? No.
They're all true. You can use the included desktop CLI client if you prefer.