Feat/client side encryption#209
Open
onkar0127 wants to merge 2 commits into
Open
Conversation
- Track upload status (PENDING / COMPLETED) in File model schema - Link UploadSession to File model using fileId - Pre-create PENDING file in initUpload and promote to COMPLETED in saveFileInfo - Exclude PENDING files from listings, folder retrieval, tag retrieval, and statistics - Add a background cron job scheduled daily at midnight to sweep stale PENDING uploads - Support disabling queues via environment variables to prevent test lockups
…haring encryption
👷 Deploy request for file-sharingsystem pending review.Visit the deploys page to approve it
|
|
@onkar0127 is attempting to deploy a commit to the imanchalsingh Team on Vercel. A member of the Team first needs to authorize it. |
Contributor
Author
|
@imanchalsingh can please check this one also!! |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
This PR implements zero-knowledge Client-Side End-to-End Encryption (E2EE) for file uploads and downloads. Using a hybrid encryption scheme, files are encrypted chunk-by-chunk in the browser before they are transmitted over the network and uploaded to Cloudinary, ensuring complete data privacy (zero plaintext content or passphrases ever reach the backend server).
Proposed Changes
Frontend
resumableUpload.ts): Implemented browser-native WebCrypto AES-GCM (256-bit) DEK generation. The DEK is wrapped client-side using a Key Encryption Key (KEK) derived from the user's password using PBKDF2 (100,000 iterations, SHA-256).SharePage.tsx): Reconstructed the download landing page to show an E2EE password entry field. Downloads the raw encrypted buffer, slices it into(5MB + 28B)encrypted chunks, extracts the prepended IVs, decrypts each chunk using the DEK, and compiles them back into the original decrypted file locally.MyFiles.tsx).Backend
File.js&ShareLink.js): AddedisEncrypted(Boolean),wrappedKey(String), andkeySalt(String) fields to store base64 metadata.uploadController.js&shareController.js):initUpload) and metadata saving (saveFileInfo).Filedocument to theShareLinkdocument on link generation.Testing & Verification
client/src/services/__tests__/e2ee.test.tsto test key wrapping, chunk encryption, IV extraction, and local decryption. All tests passed successfully.fixes [Feature Request] Implement End-to-End Encryption (E2EE) using WebCrypto API #105