File encryption with a browser.

I've been exploring the #WebCryptoAPI and I'm impressed!

When combined with the #FileSystemAPI, it offers a seemingly secure way to #encrypt and #store files directly on your device. Think #localstorage, but with #encryption!

I know #webapps can have #security vulnerabilities since the code is served over the web, so I've #OpenSourced my demo! You can check it out, and it should even work if #selfhosted on #GitHubPages.

Live Demo: https://dim.positive-intentions.com/?path=/story/usefs--encrypted-demo

Demo Code: https://github.com/positive-intentions/dim/blob/staging/src/stories/05-Hooks-useFS.stories.js

Hook Code: https://github.com/positive-intentions/dim/blob/staging/src/hooks/useFS.js

IMPORTANT NOTES (PLEASE READ!):
* This is NOT a product. It's for #testing and #demonstration purposes only.
* It has NOT been reviewed or audited. Do NOT use for sensitive data.
* The "password encryption" currently uses a hardcoded password. This is for demonstration, not security.
* This is NOT meant to replace robust solutions like #VeraCrypt. It's just a #proofofconcept to show what's possible with #browser #APIs.

#Encryption #Cryptography #JavaScript #Frontend #Privacy #Security #WebDevelopment #Coding #Developer #Tech #FOSS #OpenSource #GitHub #MastodonDev #Programming #WebStandards #FileSystem #WebAPI #ProofOfConcept

Send files privately. No cloud. No trace.

https://glitr.io

I’m working towards something for #secure / #private / #simple #P2P #filetransfer. It isnt as “simple” as it could be, im still working on it, but ive got it down to:

Zero-installation as a #PWA

Zero-registration by using local-only storage

#P2P-authentication using #WebCryptoAPI

Fast #datatransfer using #WebRTC

It’s far from finished, but i think ive got it “usable” enough to ask for feedback on it.

When comparing this project to things like #wormhole, #onionshare, #localsend, #syncthing, #croc, #sphynctershare and countless others. the key difference in my approach is that its a #webapp thats ready to go without any "real" setup process. you just need a browser.

I’m aware there are things like #SFTP and several other established protocols and tools. I started doing this because I was learning about #WebRTC and it seems suprisingly capable. This isnt ready to replace any existing apps or services.

(Note: I know you guys are typically interested in #opensource code. this project is a spin-off from a bigger project: https://github.com/positive-intentions/chat)

Let me know what you think about the app, features and experience you would expect from a tool like this.

---

SUPER IMPORTANT NOTES TO PREVENT MISLEADING:

These projects are not ready to replace any existing apps or services.

These projects are not peer-reviewed or security audited.

The chat-app is #opensource for transparency (as linked above)... but the file-app is not open souce at all (especially spicy when not reviewed or audited.).

All projects behind positive-intentions are provided for testing and demo purposes only.

Native support for ed25519/x25519 in the browser would be a huge step forward for in-browser/client-side cryptography.

Looks like Google is holding up our ability to use it in production.

(Firefox and Safari both have support enabled by default.)

https://caniuse.com/mdn-api_subtlecrypto_sign_ed25519

#ed25519 #x25519 #cryptography #browsers #web #mozilla #apple #google #firefox #safari #chrome #privacy #security #WebCryptoAPI

Anyone tried to sign a text with #JS #WebCryptoApi and verify with #PHP openssl_verify()?
Tried alpine based PHP 7.4, 8.1, 8.2 (with error message) and 8.3 (without error message). Also tried centos / almalinux 8 with php 7.4 (with error message).

"error0909006CPEM routinesget_nameno start line"

But pub key as pem is fine (exportKey method as spki and base64 encoded).

Maybe someone tested it sucessfully and could tell me some details of the test setup like base os, php version, ... ?

Upgrading to Node.js v20.x is a big project.

And it’s totally worth it.

Get the full scope of changes to Node.js and how to upgrade seamlessly:
https://www.upgradejs.com/blog/why-and-how-to-upgrade-to-nodejs-from-v18-to-v20m-v18.html?utm_source=Mastodon&utm_medium=Organic&utm_campaign=Blogpromo&utm_term=V18.x+to+V20.x&utm_content=Gif&utm_id=

#nodejs #upgradejs #permissionmodel #webcryptoapi #testrunner

Why is the #WebCryptoAPI (JS) so badly documented?

It's just like:
* PBKDF2 with 100 iterations. "Do use this, never use more, you could lock out low-devices!"
* GCM? What's this, we just use CBC…
* …

https://discourse.mozilla.org/t/webcrpto-api-badly-documented/31451
/cc @aprilmpls @MozillaSecurity