jsaccess - download and decrypt files in the browser
2013, Laurent Ghigonis

Provide protected access to files on a web server without htaccess or https.

$ firefox jsa/index.html

Deployment
==========

First, put the jsa/ directory on your web server, publicly available.

To add a file for others to download:

1. $ ./encrypt.sh myfile
   Then enter the passphrase you want to use for encryption.
   It will tell you something like:
   jsa/files/af022cd820fdad6cbcac8e15ac565c639a47dab0
   CREATED jsa/files/af022cd820fdad6cbcac8e15ac565c639a47dab0/065e18a7f246b800242a778a6e8dd07a3321dac6
   UPDATED jsa/files/af022cd820fdad6cbcac8e15ac565c639a47dab0/index.txt

2. Upload both CREATED and UPDATED files to your server.
   You need to keep the correct full path.
   $ rsync -r jsa/ user@_host:/var/www/htdocs/

3. Direct people to the directory jsa/, e.g. http://myserver.com/jsa/

Example adding a new file
=========================

$ ./encrypt.sh README.txt
Enter passphrase used to encrypt: jsa
jsa/files/af022cd820fdad6cbcac8e15ac565c639a47dab0
CREATED jsa/files/af022cd820fdad6cbcac8e15ac565c639a47dab0/065e18a7f246b800242a778a6e8dd07a3321dac6
UPDATED jsa/files/af022cd820fdad6cbcac8e15ac565c639a47dab0/index.txt
$ rsync -r jsa/ user@_host:/var/www/htdocs/

Example downloading a file
==========================

$ firefox jsa/index.html
# enter 'jsa' as password
# click on 'Get files list'
# select 'README.txt'
# click on Download
# you now have the file decrypted :)

How it works
============

encrypt.sh creates a directory jsa/files/.
It encrypts your file using AES256 with the passphrase and moves the
encrypted version to jsa/files//.
It also updates index.txt, the per-directory index of available files,
which contains the real file names.
The index is also encrypted using AES256 with the passphrase.

The web UI generates an rmd160 hash from the passphrase and gets the list of
files available for this passphrase (jsa/files//index.txt), decrypts it
and shows the list of files.
When the user clicks on Download, it fetches the file from the rmd160 name,
decrypts it with the passphrase and stores it with the real name using the
Filesaver JS API.

Directory content
=================

jsa/ - should be on your webserver, can be renamed
jsa/files// - directory of files to download for a given password
jsa/files//index.txt - list of file names available
encrypt.sh - to encrypt your files before uploading them to your web server

TODO
====

* dynamically get files list from jsa/files/list_
  (server directory listing should be disabled)
* MIME types on download
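
The layout described under "How it works" and "Directory content", turned into a pre-upload check (an added example, not part of jsaccess): it flags anything under jsa/files/ that is not a hash-named directory holding index.txt and hash-named files, such as a plaintext copy left next to its encrypted version. The function names are hypothetical, and the 40-character lowercase hex pattern is an assumption taken from the sample encrypt.sh output.

```shell
#!/bin/sh
# Added example, not part of jsaccess. Layout assumed from the sample
# encrypt.sh output: jsa/files/<40 hex>/index.txt and jsa/files/<40 hex>/<40 hex>

# Hypothetical helper: true when $1 is exactly 40 lowercase hex characters.
is_hash_name() {
    case "$1" in
        *[!0-9a-f]*) return 1 ;;
    esac
    [ "${#1}" -eq 40 ]
}

# Hypothetical helper: prints one line per finding, returns 0 only when clean.
audit_jsa_files() {
    root=$1
    findings=0
    for dir in "$root"/* "$root"/.[!.]*; do
        [ -e "$dir" ] || continue              # unmatched glob stays literal
        if [ ! -d "$dir" ] || ! is_hash_name "${dir##*/}"; then
            echo "UNEXPECTED $dir"; findings=$((findings + 1)); continue
        fi
        [ -f "$dir/index.txt" ] || { echo "NO-INDEX $dir"; findings=$((findings + 1)); }
        for f in "$dir"/* "$dir"/.[!.]*; do
            [ -e "$f" ] || continue
            [ "${f##*/}" = index.txt ] && continue
            if [ ! -f "$f" ] || ! is_hash_name "${f##*/}"; then
                echo "UNEXPECTED $f"; findings=$((findings + 1))
            fi
        done
    done
    [ "$findings" -eq 0 ]
}

# Constructed demo tree; the hash names are copied from the example above.
demo=$(mktemp -d)
d="$demo/af022cd820fdad6cbcac8e15ac565c639a47dab0"
mkdir -p "$d"
: > "$d/index.txt"
: > "$d/065e18a7f246b800242a778a6e8dd07a3321dac6"
: > "$d/README.txt"                            # plaintext copy left behind
audit_jsa_files "$demo" || echo "fix the findings before running rsync"
rm -rf "$demo"
```

Run it as audit_jsa_files jsa/files before the rsync step; a clean tree prints nothing and returns 0.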