Today I wanted to go over some of the changes being made to the Upload service with v2 of Teknik (Source) and get the community's feedback.
The entire service will use AES-256-CBC regardless of where encryption/decryption takes place.
- Client Side Encryption using Crypto-JS
- Opt-in for keeping key in URL vs storing in Database
- Opt-in for stating that the file is already encrypted
  - Allows the option to supply a key to be stored in the DB
  - Otherwise will assume the user will supply the key in the URL when viewing
- By default, will encrypt the file server side and store the key in the DB
  - Opt-in available to be passed the key instead of storing in DB (or both)
- When viewing a file via a browser, UI will display showing download status and decryption status
- Via Web Browser will be Client Side decryption
- When embedding the URL, the file will be decrypted Server Side
- The key must either be stored in the DB or passed via the URL. If neither has the key, then the file will be downloaded as is without trying to decrypt
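
The upload and viewing rules above, sketched as an added example in Node.js; this is not Teknik's code. The function names, the record layout, storing the IV with the record, the hex-encoded URL key and checking the DB before the URL are all assumptions made for illustration.

```javascript
// Added example, not Teknik code: AES-256-CBC upload plus key lookup on view.
const crypto = require('crypto');

const ALGO = 'aes-256-cbc';

// Encrypt an upload with a fresh 32-byte key and 16-byte IV.
function encryptUpload(plaintext) {
  const key = crypto.randomBytes(32);
  const iv = crypto.randomBytes(16);
  const cipher = crypto.createCipheriv(ALGO, key, iv);
  const data = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return { key, iv, data };
}

// keepKeyInDb models the opt-in: key stored in the DB record, or handed
// back to the uploader to carry in the URL (hypothetical record layout).
function storeUpload(plaintext, { keepKeyInDb }) {
  const { key, iv, data } = encryptUpload(plaintext);
  const record = { iv, data, key: keepKeyInDb ? key : null };
  return { record, urlKey: keepKeyInDb ? null : key.toString('hex') };
}

// Key lookup on view (assumed order: DB, then URL). A URL key must be
// exactly 64 hex characters (32 bytes); null means no usable key.
function resolveKey(record, urlKey) {
  if (record.key) return record.key;
  if (typeof urlKey === 'string' && /^[0-9a-f]{64}$/i.test(urlKey)) {
    return Buffer.from(urlKey, 'hex');
  }
  return null;
}

// With a key, decrypt; with no key, return the stored bytes as is.
function viewFile(record, urlKey) {
  const key = resolveKey(record, urlKey);
  if (!key) return { decrypted: false, body: record.data };
  const decipher = crypto.createDecipheriv(ALGO, key, record.iv);
  const body = Buffer.concat([decipher.update(record.data), decipher.final()]);
  return { decrypted: true, body };
}
```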