Welcome to blindrelay!
Download and decryption API source code, example, and specification.
.NET Core source code and example are up!
Get the code and build the BlindrelayPublic.sln using Visual Studio 2019.
Blindrelay.Core - blindrelay .NET Core download and decrypt API
Blindrelay.Core.Example - example console app that illustrates logging in, receiving SignalR notifications, downloading files, and decrypting files.
This library is used in conjunction with the Windows 10 blindrelay app (available in the Microsoft App Store) to enable integration and automation with internal backend systems.
Visit https://blindrelay.com for more information.
blindrelay Architecture Overview
Blindrelay uses several Azure services (including over 70 Azure Functions, Cosmos DB, Blobs, Queues, and SignalR) and a Windows 10 Universal App to orchestrate end-to-end encryption groups. With an optional API Key purchased from within the blindrelay app, developers can write backend code in .NET Core (or another language) to integrate downloading and decryption into automated backend systems.
End-to-end encryption groups are created simply by inviting other users to a group via email addresses. Group members can be invited as publishers, subscribers, or both.
Group formation occurs as follows in the blindrelay Windows 10 app:
- General group settings are set and member invitee email addresses are specified.
- The group AES 256 encryption key is randomly generated (using a CSRNG) and group member invitees are invited by a SignalR and/or an (optional) email invitation.
- Upon acceptance, group members receive the AES key via the member's RSA 4096 public key.
After a group is created, files can be published to the group. Generally, files of 5 GB and smaller have been tested, but there isn't any reason much larger files won't work.
The steps in group file publishing are:
- In the app, manually select one or more files to publish (or use group watched folders to automatically publish)
- Each file is AES 256 encrypted and HMACSHA256 signed (on the publisher's device) with the group AES key, in the CryptoBuffer format (see below).
- The encrypted file payload is placed in an Azure blob, and group subscriber records are recorded in Cosmos DB.
- Group subscribers are notified via SignalR that there are files to download.
The steps in group file download by subscribers are:
- Using the blindrelay app or custom backend code (via an API Key), files ready to download are streamed to subscriber devices, still encrypted.
- If using the app, the user has control over when the downloaded files get decrypted. Additionally, if the API is used, the custom code can download and decrypt the file(s) after getting notified via SignalR.
- File decryption, using the group AES key, happens on the subscriber's device after the file has been downloaded.
For more detailed information, visit https://blindrelay.com/HowBlindrelayWorks
blindrelay CryptoBuffer File Format
Below is the specification for encrypted blindrelay files. The example source code and library handle parsing, but this is provided for reference to support additional languages.
|Data Bytes||Variable Length in bytes|
|UTF-8 Characters||Variable Length in bytes|
|Field||Type||Length (bytes or characters)||Contents or Purpose|
|PayloadLength||DWORD||8||Total length of file|
|Signature||Bytes||32||HMACSHA256 signature of file contents|
|CreatedBy||Bytes||Variable||ID of creator|
|KeyId||String||Variable||blindrelay ID of encryption key|
|Purpose||String||Variable||Generally the Group ID. Only keys of Purpose can decrypt file|
|MimeType||String||Variable||Mime-type of plaintext (not encrypted)|
|Created||DWORD||8||Unix time in milliseconds|
|Iv||Bytes||Variable||Initialization vector pertaining to EncryptionAlgorithm|
|CipherMetadata||Bytes||Variable||Encrypted metadata associated with ciphertext|
|CipherText||Bytes||Variable||File data encrypted with EncryptionAlgorithm|
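
A reader for the layout above in another language (Python), as an added example that is not blindrelay's own code: it checks PayloadLength, verifies the HMACSHA256 signature with the group key in constant time, then bounds-checks every field and enforces Purpose before anything is handed to a decryptor. The page does not give the wire framing, so the little-endian integers, the 4-byte length prefix on variable fields, PayloadLength counting the whole file, and the HMAC covering all bytes after Signature are assumptions, and `build`, `parse`, `KEY` and `SAMPLE` are hypothetical names with constructed sample data.

```python
import hashlib
import hmac
import struct

# Field order from the table. Framing is ASSUMED, not from the page: 8-byte and
# length-prefix integers are little-endian, variable fields carry a 4-byte length.
LAYOUT = [("CreatedBy", "bytes"), ("KeyId", "str"), ("Purpose", "str"),
          ("MimeType", "str"), ("Created", "u64"), ("Iv", "bytes"),
          ("CipherMetadata", "bytes"), ("CipherText", "bytes")]

def build(fields, key):  # serializer for constructed sample input only
    body = b""
    for name, kind in LAYOUT:
        v = fields[name].encode("utf-8") if kind == "str" else fields[name]
        body += struct.pack("<Q", v) if kind == "u64" else struct.pack("<I", len(v)) + v
    sig = hmac.new(key, body, hashlib.sha256).digest()  # ASSUMED: MAC covers bytes after Signature
    return struct.pack("<Q", 40 + len(body)) + sig + body

def parse(buf, key, purpose):
    """Authenticate, then parse; raises ValueError instead of returning untrusted fields."""
    if len(buf) < 40 or struct.unpack_from("<Q", buf)[0] != len(buf):
        raise ValueError("PayloadLength does not match file size")
    sig, body = buf[8:40], buf[40:]
    if not hmac.compare_digest(sig, hmac.new(key, body, hashlib.sha256).digest()):
        raise ValueError("HMAC mismatch: wrong key or modified file")
    fields, pos = {}, 0
    for name, kind in LAYOUT:  # lengths are still bounds-checked: a publisher holds the key
        head = 8 if kind == "u64" else 4
        if pos + head > len(body):
            raise ValueError(name + " is truncated")
        value = struct.unpack_from("<Q" if kind == "u64" else "<I", body, pos)[0]
        pos += head
        if kind != "u64":
            if pos + value > len(body):
                raise ValueError(name + " length overruns the file")
            raw, pos = body[pos:pos + value], pos + value
            value = raw.decode("utf-8") if kind == "str" else raw
        fields[name] = value
    if pos != len(body):
        raise ValueError("trailing bytes after CipherText")
    if fields["Purpose"] != purpose:
        raise ValueError("file was published for a different Purpose")
    return fields

KEY = bytes(range(32))  # constructed sample key, never a real group key
SAMPLE = build({"CreatedBy": b"\x01\x02", "KeyId": "key-1", "Purpose": "group-123",
                "MimeType": "text/plain", "Created": 1700000000000, "Iv": bytes(16),
                "CipherMetadata": b"", "CipherText": b"\xaa" * 32}, KEY)
print(parse(SAMPLE, KEY, "group-123")["MimeType"])
```

AES decryption of `CipherText` with `Iv` would follow only after `parse` returns; it is left out because the page does not state the cipher mode.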