Skip to content
master
Switch branches/tags
Code

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
 
 
cmd
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

scytale

Simple file hosting for the paranoid.

License

The entire codebase is licensed under AGPL unless explicitly stated otherwise.

Encryption details

As mentioned in the intro, files can be encrypted client-side before uploading. The algorithm used for this is AES in GCM mode with a random 128-bit key.

The key is included in the hash portion of URL. Web browsers don't forward this part to the server, but can still use it in their JavaScript code to perform decryption of the file.

The web client uses SJCL for the AES implementation. The CLI client uses the AES implementation in Go's standard library (crypto/cipher and crypto/aes)

Contributing

Contributions are greatly appreciated. If you plan on making some big changes, please open an issue to discuss it first. I'm trying to keep this service as simple as possible so the chance of big changes getting merged in without any prior discussion is very low.

Installation

TODO

Requirements

  • Go 1.5 or newer (for vendoring support)

FAQ

Do I have to trust the server?

If you use the web interface

Yes, you do. The server could suddenly start serving a broken version of the crypto library or malicious JavaScript code that steals the key without you noticing.

If you only use the CLI client

To not delete your files? Yes. Other than that? No.

What about all those horror stories I heard about JavaScript crypto?

They're all true. You can use the included desktop CLI client if you prefer.

About

Simple file hosting for the paranoid

Resources

License

Releases

No releases published

Packages

No packages published