This app encrypts and decrypts files using the now widely supported WebCrypto API. The process or encryption/decryption is developed to leave no footprint, and have the service remain dumb to any information of the transaction while facilitating it aka user password, filename, file format. What the backend does, in fact, is simply store:
- A WebCrypto initialization vector which must be unique for every encryption operation carried out with a given key.
- It also stores the operation password hash which is used to facilitate the process by being converted to a CryptoKey (aka a 'given key') after it has been identified as the password of the encryptor.
- As well as the encrypted file name and Salt.
Redis is used to allow for flat expiration times of tokens/entries as well as because of dev. convenience. WebWorker are used to perform the computationally expensive operations such as File Read and the actual Subtle.encrypt/decrypt of the file data.
- User submits a file with a password for encryption.
- Random Salts and a IV Vector are generated.
- Password is used to import a CryptoKey(PBKDF2).
- Password CryptoKey is used with respective Salt for deriving 2 encryption keys(PBKDF2)
- First CryptoKey is used to encrypt the name of the file without the extension.
- The Salt for that key is added to the resulting encrypted name (ArrayBuffer).
- The Salted and encrypted buffer data is encrypted again with the second key.
- Name is send to the service alongside the IV Vector(Base64),second Salt(Base64), password.
- Service hashes the password and stores the data adding the decryption time(Redis TTL).
- First CryptoKey, IV Vector, File Blob(Bin Large Object) is passed to the WebWorker.
- WebWorker reads the Blob as a buffer and encrypts the data(AES-GCM).
- WebWorker returns data to app where it downloads it with the Base64 name to the client.
- User submits a file and a password for dencryption.
- App passes the password, file name(Base64) to the service.
- Service queries for the name and verifies the password hash.
- Service removes the item and returns the IV Vector and second Salt(Enc Work.).
- Salt and IV Vector are converted to ArrayBuffers.
- A CryptoKey(PBKDF2) is imported(created) from the raw(client side) password.
- Resulting key is used to derive another key with the Salt.
- This second key is used to decrypt the file from which the prepended Salt is extracted.
- This second Salt is used with the password key to derive the final key.
- It is used to decrypt both the file(WebWorker) and the filename (buffer result with no salt).
- File with a now decrypted name is downloaded to the client by the App.
FILE-ENCRYPT-DECRYPT uses a number of open source projects:
- JAVA11 - JAVA 11 SDK
- MAVEN - BUILD AUTOMATION TOOL
- SPRING-BOOT - SPRING PROJ BOOTSTRAP
- THYMELEAF - JAVA TEMPLATING ENGINE
- WEBCRYPTO - WWW RECOMENDED INTERFACE FOR CRYPTOGRAPHY
- WEBWORKERS - API FOR BACKGROUND THREAD HANDLING
- WEBFLUX - REACTIVE STREAMS API FOR NON BLOCKING SERVERS
- REDIS - IN-MEMORY DATA STRUCTURE STORE/CACHE
- LETTUCE - SCALABLE REACTIVE-REDIS CLIENT
Download Java dependancies for the project:
$ cd file_encrypt_decrypt
$ mvnw clean installThis application is an MAVEN APPLICATION USING THE MAVEN WRAPPER;
-
WITH CLI COMMANDS
To run open the terminal and navigate to the root project folder.
$ ./mvnw spring-boot:run
To package:
$ ./mvnw package
-
BE BUILD/RUN WITH DOCKER
To build:
$ docker build -f Dockerfile -t encrypto .To run:
$ docker run --rm -it -p 8080:8080 encrypto:latest
Available on port: 8080
-
FE BUILD/RUN WITH WEBPACK
To build:
$ npm run build
To run:
$ npm run serve
Available on port: 9000
- FE Expiration duration
- Update .JPG
