Encryption Method

Using the Browser (Client Side Encryption)

When you using the web interface for uploads, the file is loaded using the javascript FileReader API.

Once the file is completely loaded into the buffer, a key and iv are generated by a random string generator to create a key that is 256 Bits and an iv (Block Size) that is 128 Bits. Then the file buffer, key, and iv are passed into a Web Worker for encryption.

The file data is passed through a progressive ciphering with a chunk size of 4096 Bytes. This is to help reduce the memory usage needed by the encryption process as it only needs to process and convert each chunk instead of the entire file.

Once all the file's data has been processed, the final buffer is then passed back to the main encryption routine and is sent to the server as a ArrayBuffer, along with the content-type, generated iv, key size, and block size.

Once the data has been recieved by the server, a unique URL name and unique local filename are generated and saved to the database along with the passed up cipher information. The File Data is then written to the server and the resulting URL is passed back to the client.

When the client recieves the returned URL, it then appends the generated key to the URL as an anchor tag and updates the UI to display the final URL.

Cipher Properties

The encryption library being used is Crypto-JS and the cipher being used is AES-256 using the mode CTR. The variant of AES is determined by the size of the key used (128, 192, or 256).

Upload Requirements

The maximum file size per upload is 1 GB

Each file is scanned for viruses at upload. If it fails, it will cancel the upload. Currently only files that are unencrypted when being sent to the server will be scanned successfully for viruses. If the file is encrypted client side, the encrypted data will be checked. This could create a false positive, but since the key is randomly generated, the next attempt should not be flagged.