path: root/jsaccess/README.txt
author: Laurent Ghigonis <laurent@p1sec.com>, 2013-06-17 20:08:58 +0200
committer: Laurent Ghigonis <laurent@p1sec.com>, 2013-06-17 20:08:58 +0200
commit: f7708feda1e91f5da6e8ca2797d7594ed2f3350f
tree: c2d5865b8dbc8d1e713386ea605094b6e68ddbb7 /jsaccess/README.txt
parent: jsaccess: store check dependencies
jsaccess: WIP on a real file store
Diffstat (limited to 'jsaccess/README.txt')
1 files changed, 18 insertions, 15 deletions
diff --git a/jsaccess/README.txt b/jsaccess/README.txt
index 16f2c98..97813bd 100644
--- a/jsaccess/README.txt
+++ b/jsaccess/README.txt
@@ -31,10 +31,10 @@ Deployment
There are 2 parts:
* The jsa/ directory that contains html / javascript files, for the user to
-access files list and download. jsa/files/ is the files store.
+access files list and download. jsa/store/ is the files store.
* The store.sh script for the web server owner to encrypt files
It is recomanded to run store.sh on your laptop, and then syncronise the
-jsa/files/ file store with your server.
+jsa/store/ file store with your server.
Put jsa/ directory on your web server, publicly available.
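Review bot: the sentence edited at the end of this hunk ("It is recomanded to run store.sh on your laptop, and then syncronise the jsa/store/ file store with your server") recommends encrypting off-server but never says why. Suggest stating the reason in the README, presumably that the passphrase and the plaintext files then never touch the web server. Since the sentence is being changed anyway, also fix "recomanded" and "syncronise" in it.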
@@ -48,9 +48,9 @@ On your laptop:
$ ./store.sh myfile
# Then enter the passphase you want to use for encryption.
# It will tell you something like:
-CREATED jsa/files/af022cd820fdad6cbcac8e15ac565c639a47dab0/065e18a7f246b800242a778a6e8dd07a3321dac6
-UPDATED jsa/files/af022cd820fdad6cbcac8e15ac565c639a47dab0/index.txt
+CREATED jsa/store/af022cd820fdad6cbcac8e15ac565c639a47dab0/065e18a7f246b800242a778a6e8dd07a3321dac6
+UPDATED jsa/store/af022cd820fdad6cbcac8e15ac565c639a47dab0/index.txt
2. Syncronise the file store with you online server
On your laptop:
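Review bot: the example output and step 2 in this hunk now point at jsa/store/, but nothing tells an existing deployment what to do with the jsa/files/ tree that is already on the server. A sync that does not delete remote files will leave the old directories, named after passphrase hashes, publicly served next to the new store. Suggest a short upgrade note: rename jsa/files/ to jsa/store/ locally, sync, then remove jsa/files/ on the server. The surrounding context lines also carry typos worth fixing in the same pass: "passphase", "Syncronise", "with you online server".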
@@ -64,23 +64,23 @@ $ rsync jsa/ user@myserver:/var/www/htdocs/
How it works
-store.sh creates a directory jsa/files/<rmd160_hash_of_passphrase>/.
+store.sh creates a directory jsa/store/<rmd160_hash_of_passphrase>/.
It encrypts your file using AES256 with the passphrase and stores the result in
It also updates the index of available files per directory called index.txt,
that contains real file names. The index is also encrypted using AES256 with the
Web UI generates rmd160 hash from the passphrase and get the list of files
-available for this passphrase (jsa/files/<rmd160_hash_of_passphrase>/index.txt),
+available for this passphrase (jsa/store/<rmd160_hash_of_passphrase>/index.txt),
decrypts it and shows the list of files.
When the user clicks on Download, it fetches the file from the rmd160 name,
decrypts it with the passphrase and stores it with the real name using the
Filesaver JS API.
+Dependencies / Compatibility
On the host that runs store.sh:
* openssl
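Review bot: the "How it works" lines changed in this hunk document that the store directory is named jsa/store/<rmd160_hash_of_passphrase>/ and that the same passphrase keys the AES256 encryption, but the README does not spell out what that means for a directory that is served publicly. Anyone who learns a directory name can test passphrase guesses offline against it, at the cost of one unsalted hash per guess, and a hit also decrypts index.txt and the files. Suggest adding a line here that directory listing must be disabled for jsa/store/ and that passphrases should be long and random, and adding a TODO to derive the directory name with a salted, slow key-derivation function instead of a bare hash.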
@@ -90,22 +90,25 @@ On the web server:
* Serving static files is enough
* optional: https, to protect against clients targeted attacks
+On the web user machine:
+* Tested with Firefox 21 and Chrome 27
Git content
jsa/ - should be on your webserver, can be renamed
-jsa/files/<password_hash>/ - directory of files to download for a given password
-jsa/files/<password_hash>/index.txt - list of file name available
+jsa/store/<password_hash>/ - directory of files to download for a given password
+jsa/store/<password_hash>/index.txt - list of file name available
store.sh - to encrypt your files before uploading them to your web server
-* Download progress
+* web: download progress
-* Decrypting progress
+* web: decrypting progress
Need to modify gibberish-aes
-* Make password field appear as full of dots after validation
+* web: make password field appear as full of dots after validation
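Review bot: the new "On the web user machine" block lands directly under "optional: https, to protect against clients targeted attacks", and that wording undersells the risk. The html / javascript in jsa/ is what receives the passphrase and performs the decryption, so over plain http anyone on the network path can alter that script before it reaches the browser. Suggest rewording https from optional to recommended while this section is being touched. Separately, the Git content lines changed here use <password_hash> where the "How it works" section uses <rmd160_hash_of_passphrase>; pick one placeholder for both.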