From 7604ea1493afbbb74b482d02a748875a4768ae58 Mon Sep 17 00:00:00 2001 From: Laurent Ghigonis Date: Sun, 16 Jun 2013 20:41:12 +0200 Subject: jsaccess: now with dynamic file list and file name obfuscation --- jsaccess/README.txt | 67 +++++++++++++++++++++++++++++++++++++++++++++++++---- 1 file changed, 62 insertions(+), 5 deletions(-) (limited to 'jsaccess/README.txt') diff --git a/jsaccess/README.txt b/jsaccess/README.txt index cc2bbe7..69a7030 100644 --- a/jsaccess/README.txt +++ b/jsaccess/README.txt @@ -3,21 +3,78 @@ jsaccess - download and decrypt files in the browser Provide protected access to files on a web server without htaccess or https. +$ firefox jsa/index.html + Deployment ========== -1. Put jsa/ directory on your web server, publicly available (you can rename it). -2. Encrypt your files with encrypt.sh -3. Upload the encrypted files in the directory jsa/files/ -4. Edit jsa/index.html to add your files to the download list -5. Direct people to the directory jsa/, e.g. http://myserver.com/jsa/ +First, put jsa/ directory on your web server, publicly available + +To add a file for others to download : + +1. $ ./encrypt.sh myfile +Then enter the passphase you want to use for encryption. +It will tell you something like: +jsa/files/af022cd820fdad6cbcac8e15ac565c639a47dab0 +CREATED jsa/files/af022cd820fdad6cbcac8e15ac565c639a47dab0/065e18a7f246b800242a778a6e8dd07a3321dac6 +UPDATED jsa/files/af022cd820fdad6cbcac8e15ac565c639a47dab0/index.txt + +2. Upload both CREATED and UPDATED files to your server +You need to keep the correct full path +$ rsync jsa/ user@_host:/var/www/htdocs/ + +3. Direct people to the directory jsa/, e.g. http://myserver.com/jsa/ + + +Example adding a new file +========================= + +$ ./encrypt.sh README.txt +Enter passphrase used to encrypt: jsa +jsa/files/af022cd820fdad6cbcac8e15ac565c639a47dab0 +CREATED jsa/files/af022cd820fdad6cbcac8e15ac565c639a47dab0/065e18a7f246b800242a778a6e8dd07a3321dac6 +UPDATED jsa/files/af022cd820fdad6cbcac8e15ac565c639a47dab0/index.txt + +$ rsync jsa/ user@_host:/var/www/htdocs/ + + +Example downloading a file +========================== + +firefox jsa/index.html +# enter 'jsa' as password +# click on 'Get files list' +# select 'README.txt' +# click on Download +# you now have the file decrypted :) + + +How it works +============ + +encrypt.sh creates a directory jsa/files/. +It encrypts your file using AES256 with the passphrase and moves the encrypted +version to +jsa/files//. +It also updates the index of available files per directory called index.txt, +that contains real file names. The index is also encrypted using AES256 with the +passphrase. + +web UI generates rmd160 hash from the passphrase and get the list of files +available for this passphrase (jsa/files//index.txt), +decrypts it and shows the list of files. +When the users clicks on Download, it fetches the file from the rmd160 name, +decrypts it with the passphrase and stores it with the real name using the +Filesaver JS API. Directory content ================= jsa/ - should be on your webserver, can be renamed +jsa/files// - directory of files to download for a given password +jsa/files//index.txt - list of file name available encrypt.sh - to encrypt your files before uploading them to your web server -- cgit v1.2.3-59-g8ed1b