path: root/jsaccess/README.txt
diff options
authorLaurent Ghigonis <laurent@p1sec.com>2013-06-16 20:41:12 +0200
committerLaurent Ghigonis <laurent@p1sec.com>2013-06-16 20:41:12 +0200
commit7604ea1493afbbb74b482d02a748875a4768ae58 (patch)
tree7854d358422a5fd770626b611d938839db4f8839 /jsaccess/README.txt
parentjsaccess: naming (diff)
jsaccess: now with dynamic file list and file name obfuscation
Diffstat (limited to 'jsaccess/README.txt')
1 files changed, 62 insertions, 5 deletions
diff --git a/jsaccess/README.txt b/jsaccess/README.txt
index cc2bbe7..69a7030 100644
--- a/jsaccess/README.txt
+++ b/jsaccess/README.txt
@@ -3,21 +3,78 @@ jsaccess - download and decrypt files in the browser
Provide protected access to files on a web server without htaccess or https.
+$ firefox jsa/index.html
-1. Put jsa/ directory on your web server, publicly available (you can rename it).
-2. Encrypt your files with encrypt.sh
-3. Upload the encrypted files in the directory jsa/files/
-4. Edit jsa/index.html to add your files to the download list
-5. Direct people to the directory jsa/, e.g. http://myserver.com/jsa/
+First, put jsa/ directory on your web server, publicly available
+To add a file for others to download :
+1. $ ./encrypt.sh myfile
+Then enter the passphase you want to use for encryption.
+It will tell you something like:
+CREATED jsa/files/af022cd820fdad6cbcac8e15ac565c639a47dab0/065e18a7f246b800242a778a6e8dd07a3321dac6
+UPDATED jsa/files/af022cd820fdad6cbcac8e15ac565c639a47dab0/index.txt
+2. Upload both CREATED and UPDATED files to your server
+You need to keep the correct full path
+$ rsync jsa/ user@_host:/var/www/htdocs/
+3. Direct people to the directory jsa/, e.g. http://myserver.com/jsa/
+Example adding a new file
+$ ./encrypt.sh README.txt
+Enter passphrase used to encrypt: jsa
+CREATED jsa/files/af022cd820fdad6cbcac8e15ac565c639a47dab0/065e18a7f246b800242a778a6e8dd07a3321dac6
+UPDATED jsa/files/af022cd820fdad6cbcac8e15ac565c639a47dab0/index.txt
+$ rsync jsa/ user@_host:/var/www/htdocs/
+Example downloading a file
+firefox jsa/index.html
+# enter 'jsa' as password
+# click on 'Get files list'
+# select 'README.txt'
+# click on Download
+# you now have the file decrypted :)
+How it works
+encrypt.sh creates a directory jsa/files/<rmd160_hash_of_passphrase>.
+It encrypts your file using AES256 with the passphrase and moves the encrypted
+version to
+It also updates the index of available files per directory called index.txt,
+that contains real file names. The index is also encrypted using AES256 with the
+web UI generates rmd160 hash from the passphrase and get the list of files
+available for this passphrase (jsa/files/<rmd160_hash_of_passphrase>/index.txt),
+decrypts it and shows the list of files.
+When the users clicks on Download, it fetches the file from the rmd160 name,
+decrypts it with the passphrase and stores it with the real name using the
+Filesaver JS API.
Directory content
jsa/ - should be on your webserver, can be renamed
+jsa/files/<password_hash>/ - directory of files to download for a given password
+jsa/files/<password_hash>/index.txt - list of file name available
encrypt.sh - to encrypt your files before uploading them to your web server