
How is end-to-end encryption achieved? By storing the password in the URL and not logging the URL when the file is fetched at the receiving end?


Encryption is done with JavaScript on the client. The decryption key is attached as a hash to the download URL on the client side as well.

When visiting the URL, the key never reaches the server because the hash part of a URL is never sent and is a local-only thing. So there's no need to strip logging. The client downloads the encrypted blob, and decrypts it on the client.

More info: https://www.reddit.com/r/firefox/comments/lqegb5/reminder_th...

And: https://github.com/timvisee/ffsend#security


#xxxx contents aren't sent to the server at all, if you trust the underlying JavaScript running in the browser.
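Added example, not part of the thread and not the code of ffsend or any real service: a simplified sketch of the flow described above, where the sender encrypts locally, only ciphertext is uploaded, and the key travels in the URL fragment. AES-GCM with a raw 128-bit key, the `send.example` URL and all function names are assumptions made for illustration.

```javascript
// Simplified sketch of "key in the URL fragment"; not any real service's scheme.
// WebCrypto is global in browsers and Node 19+; older Node falls back to require.
const wc = globalThis.crypto?.subtle ? globalThis.crypto
  : require('node:crypto').webcrypto;

// base64url helpers so the key is safe to place in a URL fragment
const b64u = (bytes) => btoa(String.fromCharCode(...bytes))
  .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
const unb64u = (s) => Uint8Array.from(
  atob(s.replace(/-/g, '+').replace(/_/g, '/')), (c) => c.charCodeAt(0));

// Sender: encrypt locally; only iv+ciphertext would be uploaded.
async function encryptForShare(plaintext, baseUrl) {
  const key = await wc.subtle.generateKey(
    { name: 'AES-GCM', length: 128 }, true, ['encrypt']);
  const iv = wc.getRandomValues(new Uint8Array(12));
  const ct = new Uint8Array(
    await wc.subtle.encrypt({ name: 'AES-GCM', iv }, key, plaintext));
  const blob = new Uint8Array(iv.length + ct.length);
  blob.set(iv);
  blob.set(ct, iv.length);
  const raw = new Uint8Array(await wc.subtle.exportKey('raw', key));
  return { blob, shareUrl: `${baseUrl}#${b64u(raw)}` };
}

// What an HTTP client puts in the request line: path and query, never the fragment.
function requestTarget(shareUrl) {
  const u = new URL(shareUrl);
  return u.pathname + u.search;
}

// Receiver: read the key from the fragment locally, then decrypt the fetched blob.
async function decryptFromShare(blob, shareUrl) {
  const raw = unb64u(new URL(shareUrl).hash.slice(1));
  const key = await wc.subtle.importKey(
    'raw', raw, { name: 'AES-GCM' }, false, ['decrypt']);
  const pt = await wc.subtle.decrypt(
    { name: 'AES-GCM', iv: blob.slice(0, 12) }, key, blob.slice(12));
  return new Uint8Array(pt);
}

// End-to-end run against a constructed URL; returns what each side sees.
async function roundTrip(text) {
  const { blob, shareUrl } = await encryptForShare(
    new TextEncoder().encode(text), 'https://send.example/download/abc123');
  const out = new TextDecoder().decode(await decryptFromShare(blob, shareUrl));
  return { shareUrl, target: requestTarget(shareUrl), out };
}
```

The fragment stays local only while the page's own script does not read `location.hash` and transmit it, which is the trust condition the last comment points out.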



