Today I wanted to go over some of the changes being made to the Upload service with v2 of Teknik (Source) and get the communities feedback.
The entire service will use AES-256-CBC regardless of location of encryption/decryption.
Web Interface:
Client Side Encryption using Crypt-JS
Opt-in for keeping key in URL vs storing in Database
API Interface
Opt-in for stating that the file is already encrypted
Allows the option to supply a key to be stored in the DB
Otherwise will assume the user will supply the key in the URL when viewing
By default, will encrypt the file server side and store the key in the DB
Opt-in available to be passed the key instead of storing in DB (or both)
Viewing Files
When viewing a file via a browser, UI will display showing download status and decryption status
Via Web Browser will be Client Side decryption
When embedding the URL, the file will be decrypted Server Side
The key must either be stored in the DB or passed via the URL. If neither have the key, then the file will be downloaded as is without trying to decrypt