File-Sto
By default all of this software is under GPLV2 (c) 2007 Free Software Foundation; see 'GPL-2' for more details.
If a file is missing a pre-amble or copyright notice it is (c) 2007 Copyright Free Software Foundation.
Source Code: http://churchturing.org/x/file-sto.20080305.tar.gz
Purpose
Store files remotely on a server in an encrypted fashion. The server can verify the authenticity of the files it receives and only accepts authenticated files. The only key the server gets is a single public key, which can be publicly shared anyway! Using an HTTP proxy script you can decrypt the information on the server on a local computer or webserver.
Use case: You and a friend need an encrypted file store but you can only use HTTP, and you do not want site admins reading your files.
Use case: You have a lot of disk space on a shared host but no security (no SSL, no trust), and you want to easily store files for later.
Use case: You want to stream files from your ISP/host, but you want the files private yet accessible.
Presentation
http://churchturing.org/w/ahindle-hiding-in-public.pdf
Installation
You need:
- openssl
- perl 5.8
- bash
We use openssl for encryption and basic perl libraries for the rest of the code.
For ease of use, edit your .profile or .bashrc (or whatever you use) and set the environment variable $PUBSHAREPATH to this directory; this helps immensely because the scripts find the keys through it.
e.g.
export PUBSHAREPATH=~/file-sto/
export PATH=$PATH:$PUBSHAREPATH
You'll need to generate keys if they weren't given to you; run-once/make-key.sh will make all the keys necessary.
Once the keys are generated, copy all the .sh files, .pm files, index.cgi, the .pl files and public-keys to the remote server. Edit the index.cgi file to have the proper paths that you want.
Locally, set up tunnel.cgi so it has access to the file-sto code and keys, and tell it the URL where you installed the server (edit the code!).
tunnel.cgi will provide you with a nice web interface to your files.
Important scripts
uploader.pl: this uploads a file; give it the exact path you want it to appear as. For example, uploader.pl ./lol/cake.txt will upload to a directory called . (but its name will be encrypted!), inside that a directory lol, and inside lol the file cake.txt (the encrypted one).
tunnel.cgi this is your LOCAL script which decodes your remote server. Use this script to browse your external archive. You can also make this available elsewhere if you really are just using the other website for storage.
tunnel.cgi accepts actions; the actions include:
- biglist - runs find on the remote site and then translates the filenames (SLOW)
- m3u - the same as biglist but generates an M3U playlist (download once) (slow)
- get_file - use this to download a file from the remote end and have it decrypted on the fly for you (thank you block ciphers!)
- ls - browse the files remotely; if you use action=ls together with &pretty=1 you will get a nice human-browsable web interface: &action=ls&pretty=1
- decode-file-name.pl: a quick script to test filename encryption
- decrypt-file.pl: decrypts downloaded encrypted files
- encrypt-file.pl: encrypts files using the same method
- get-file-name.pl: encrypt file names
- list-convert.pl: convert file names
- ls-filter.pl: filter an encrypted ls
- ls-filter-test.pl: tests
- slowread.pl: used to slow down pipes
- test.pl: a test
- verify-file.pl: using a sig, verify if a file is signed and OK
- dec-filename.sh: encrypt a filename
- enc-filename.sh: decrypt a filename
Keys/Crypto
You have an ls-key; this is the file listing key. If it gets compromised, your filenames are compromised. This is the weakest key. If you want others to read file names, give them this key.
You have an enc-key; this is a private key for encoding the files. If you want others to encode the files, give them this key.
ourkey is an RSA key; it is used for validating files, and you cannot upload files without signing them with this key. It has a public half that you need to put on the server; this allows the server to validate that an upload came from you. The benefit here is that you don't need to worry about passwords: an attacker needs your keys to upload anything.
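The sign-then-upload check described above, as an added example that is not file-sto's own code: it drives the openssl CLI the README already requires, and the key file names (ourkey.pem, ourkey.pub, enc-key) and the sample file are constructed for the demo.

```shell
#!/bin/sh
# Added example, not file-sto's own code. The client encrypts with the shared
# enc-key and signs the ciphertext with the RSA private key ourkey; the server
# holds only ourkey's public half and keeps a blob only if that signature
# verifies. File names and sample contents below are constructed for the demo.

# Server side: accept a blob only when the RSA signature verifies with the
# public key (exit 0 = accept, 1 = reject). This is all the trust the server has.
server_accept() {  # $1=public key  $2=blob  $3=signature
    openssl dgst -sha256 -verify "$1" -signature "$3" "$2" >/dev/null 2>&1
}

# Client side: encrypt with the shared symmetric enc-key, then sign the
# ciphertext with the private key so the server can check it.
client_prepare() {  # $1=enc-key  $2=private key  $3=plaintext  $4=blob out  $5=sig out
    openssl enc -aes-256-cbc -pbkdf2 -pass "file:$1" -in "$3" -out "$4" &&
    openssl dgst -sha256 -sign "$2" -out "$5" "$4"
}

# Client side again: decrypt a downloaded blob (the server never sees enc-key).
client_decrypt() {  # $1=enc-key  $2=blob  $3=plaintext out
    openssl enc -d -aes-256-cbc -pbkdf2 -pass "file:$1" -in "$2" -out "$3"
}

# Round trip in a scratch directory. Prints "ok" only if the genuine upload is
# accepted, a tampered copy is rejected, and decryption restores the file.
filesto_demo() {
    w=$(mktemp -d) || return 1
    (
        cd "$w" || exit 1
        openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out ourkey.pem 2>/dev/null || exit 1
        openssl pkey -in ourkey.pem -pubout -out ourkey.pub || exit 1   # only this goes to the server
        openssl rand -hex 32 > enc-key || exit 1                        # shared with trusted readers
        printf 'constructed sample contents\n' > cake.txt
        client_prepare enc-key ourkey.pem cake.txt cake.txt.enc cake.txt.sig || exit 1
        server_accept ourkey.pub cake.txt.enc cake.txt.sig || exit 1    # genuine upload: accepted
        cp cake.txt.enc tampered.enc && printf 'X' >> tampered.enc
        server_accept ourkey.pub tampered.enc cake.txt.sig && exit 1    # modified blob: must be rejected
        client_decrypt enc-key cake.txt.enc out.txt || exit 1
        [ "$(cat cake.txt)" = "$(cat out.txt)" ] || exit 1
        echo ok
    )
    rc=$?
    rm -rf "$w"
    return $rc
}

filesto_demo
```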
Bugs / Todo
- There seems to be an encoding problem with filenames.
- The biglist is only from the root