
FileStore

File-Sto

By default all of this software is under GPLV2 (c) 2007 Free Software Foundation

see 'GPL-2' for more details

If a file is missing a pre-amble or copyright notice it is (c) 2007 Copyright Free Software Foundation.

Source Code: http://churchturing.org/x/file-sto.20080305.tar.gz

Purpose

Store files remotely on a server in an encrypted fashion. The server can verify the authenticity of the files it receives and only accepts authenticated files. The only key the server gets is a single public key, which can be publicly shared anyway!

Using an HTTP proxy script you can decrypt the information on the server on a local computer or webserver.

Use case: You and a friend need an encrypted file store but you can only use HTTP, and you do not want site admins reading your files.

Use case: You have a lot of disk space on a shared host but no security (no SSL, no trust), and you want to easily store files for later.

Use case: You want to stream files from your ISP/host, and you want the files private yet accessible.

Presentation

http://churchturing.org/w/ahindle-hiding-in-public.pdf

Installation

You need:

We use openssl for encryption and we use basic perl libraries for the rest of the code.

For ease of use, edit your .profile or .bashrc (or whatever you use) and set the environment variable $PUBSHAREPATH to this directory. This helps immensely because of the keys.

e.g.

export PUBSHAREPATH=~/file-sto/
export PATH=$PATH:$PUBSHAREPATH

You'll need to generate keys if they weren't given to you. run-once/make-key.sh will make all the keys necessary.

Once the keys are generated, copy all the .sh files, .pm files, index.cgi and .pl and public-keys to the remote server. Edit the index.cgi file to have the proper paths that you want.

Locally, set up tunnel.cgi so it has access to the file-sto code and keys, and tell it the URL where you installed the server (edit the code!).

tunnel.cgi will provide you with a nice web interface to your files.

Important scripts

uploader.pl: this uploads a file. Give it the exact path you want the file to appear as.

uploader.pl ./lol/cake.txt will upload to a directory called . (but it'll be encrypted!), then inside that is lol, and cake.txt sits in lol (but the encrypted one).

tunnel.cgi: this is your LOCAL script which decodes your remote server. Use this script to browse your external archive. You can also make this available elsewhere if you really are just using the other website for storage.

tunnel.cgi accepts actions. Actions include:

decode-file-name.pl: This is just a quick script to test filename encryption.
decrypt-file.pl: This file decrypts downloaded encrypted files
encrypt-file.pl: This file encrypts files using the same method
get-file-name.pl: encrypt file names
list-convert.pl: convert file names
ls-filter.pl: filter an encrypted ls
ls-filter-test.pl: tests
slowread.pl: used to slow down pipes
test.pl: a test
verify-file.pl: Using a sig, verify if a file is signed and OK
dec-filename.sh: encrypt a filename
enc-filename.sh: decrypt a filename

Keys/Crypto

You have an ls-key. This is the file listing key; if it gets compromised, your filenames are compromised. This is the weakest key. If you want others to read file names, give them this key.

You have an enc-key. This is a private key for encoding the files. If you want others to encode the files, give them this key.

ourkey is an RSA key used for validating files; you cannot upload files without signing them with this key. It has a public key you need to put on the server, which allows the server to validate that the upload came from you. The benefit here is that you don't need to worry about passwords: the attacker needs your keys to upload anything.
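
The flow described above (encrypt locally, sign the result with the RSA key, let the server check the upload with only the public key), sketched with the openssl command line. This is an added example, not file-sto's own scripts: the function names, file names, and the choice of AES-256-CBC with PBKDF2 and SHA-256 are assumptions, and it needs OpenSSL 1.1.1 or later.

```shell
#!/bin/sh
# Added example; file names, AES-256-CBC/PBKDF2 and SHA-256 are assumptions,
# not taken from file-sto's own scripts. Needs OpenSSL 1.1.1 or later.
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

make_keys() {
    # RSA signing key stays on the client; only ourkey.pub goes to the server.
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$WORK/ourkey.pem" 2>/dev/null
    openssl pkey -in "$WORK/ourkey.pem" -pubout -out "$WORK/ourkey.pub"
    # Symmetric secret standing in for enc-key; never uploaded.
    openssl rand -hex 32 > "$WORK/enc-key"
}

client_prepare() {   # $1 = plaintext file; writes $1.enc and $1.enc.sig
    openssl enc -aes-256-cbc -pbkdf2 -salt -pass "file:$WORK/enc-key" \
        -in "$1" -out "$1.enc"
    # Sign the ciphertext so the server can check it without any secret.
    openssl dgst -sha256 -sign "$WORK/ourkey.pem" -out "$1.enc.sig" "$1.enc"
}

server_accept() {    # $1 = uploaded ciphertext, $2 = signature; public key only
    openssl dgst -sha256 -verify "$WORK/ourkey.pub" -signature "$2" "$1" \
        >/dev/null 2>&1
}

client_decrypt() {   # $1 = ciphertext; plaintext goes to stdout
    openssl enc -d -aes-256-cbc -pbkdf2 -pass "file:$WORK/enc-key" -in "$1"
}

make_keys
printf 'constructed sample contents\n' > "$WORK/cake.txt"
client_prepare "$WORK/cake.txt"

# Modified upload: same signature, one byte appended to the ciphertext.
cp "$WORK/cake.txt.enc" "$WORK/tampered.enc"
printf 'x' >> "$WORK/tampered.enc"

for f in cake.txt.enc tampered.enc; do
    if server_accept "$WORK/$f" "$WORK/cake.txt.enc.sig"; then
        echo "$f: signature valid, stored"
    else
        echo "$f: signature invalid, rejected"
    fi
done
```

Because the signature covers the ciphertext, the server side needs neither enc-key nor the RSA private key to decide whether to store an upload.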

Bugs / Todo