End-to-end encrypted file sharing
Web client for blindsend, an open source tool for private, end-to-end encrypted file exchange.
Web client communicates with the server through REST API. It executes encryption and handles uploading and downloading of the files from the Cloud Storage.
To access the Cloud Storage, the web client must obtain signed GCP links from the server. The signed links are used when a third party needs to access a resource on the GCP.
To keep sensitive information away from the blindsend servers, links use the URL fragments. They are the parts of the URL after the # symbol which are not sent to the server when the URL is opened in the browser.
When uploading a file, the file is split into chunks of 4MB. 4MB chunks are loaded into the memory, encrypted and uploaded to the Cloud Storage.
When js fetch api implementations start supporting ReadableStream request bodies, one request will be enough to transfer the file.
When downloading a file, the entire file is downloaded in a single request. Body of a response of the fetch api has type ReadableStream<Uint8Array> so the file bytes can be decrypted (transformed with TransformStream) before the entire file arrives.
As soon as a 4MB chunk is downloaded, it is decrypted and streamed to disk with a help from StreamSaver library. At no point is the whole file kept in memory, just the part currently being decrypted.
Web client is written in TypeScript and React. Web Crypto API is used for encryption.
- App architecture is Elm like with elm-ts library as the backbone.
- streamsaver.js to handle saving large files as streams.
- filesize.js to display file sizes.
- Idb-keyval to store the keys in the browser storage in case of passwordless file request.
- tai-password-strength to calculate the relative strength of a password.
- Various UI elements are handled with swiper and spinners-react.
- web-streams-adapter and web-streams-polyfill to make streams work in different browsers.
Web client is tested in different browsers using BrowserStack.
On desktop operating systems, It works with all major browsers.
On iOS, it works with Safari. For other iOS browsers, download doesn’t work.
On Android, it works with Chrome and Firefox.
In the root directory of the project, run
yarnto install dependencies and then
yarn buildto build the project.
Web client files will be in the dist folder in the root directory.
If the server is on a different domain, change the value of the HOST variable in the webpack.prod.js file to the server endpoint (default value is null, if the server and client are using the same domain).
new webpack.DefinePlugin({
HOST: 'https://server-endpoint.com',
...
)}blindsend is under development by a team of software engineers at blindnet.io and several independent cryptography experts.
All community participation is subject to blindnet’s Code of Conduct.
Stay up to date with new releases and projects, learn more about how to protect your privacy and that of our users, and share projects and feedback with our team.
- Join our Slack Workspace to chat with the blindnet community and team
- Follow us on Twitter to stay up to date with the latest news
- Check out our Openness Framework and Product Management on Github to see how we operate and give us feedback.
The blindsend-web-client is available under MIT (and here is why).