3. CURRENT SITUATION
• Systems such as dropbox or box does not allow secure
transfer of files
• Easy and secure transfer of files need technical
knowledge
• The layman does not understand concepts such as PGP
and asymmetric encryption
4. WHAT IS ARCANUM?
4
•An asymmetric encryption based file storage service.
• Intended to allow the sharing of files between clients securely.
•The client handles encryption as well as decryption.
•The server merely handles file storage and user management.
•This ensures that even if the server is compromised, the user data
is not.
•The server extends a REST based API to clients.
6. CLIENT SIDE - OVERVIEW
6
•Completely handles encryption, decryption as well as user
credential storage.
•Communicates with the server over HTTP
•The private key is stored locally while public key is sent to the
server.
•Connection is SSL secured
•Authentication is HTTP Basic Authentication
7. CLIENT SIDE - REGISTRATION
7
•During registration a RSA 2048 bit public/private keypair is
generated
•The public key is sent to the server while the private key is
stored locally
•The username, password and email is also sent to the server.
•APIs used:
/create/ for registration
8. CLIENT SIDE - SENDING
8
•Sending file:
Get the public key of the user to send to
Generate AES Key
Encrypt file with the generated AES Key
Encrypt AES Key with RSA Public Key
Prepend encrypted AES key with encrypted file
Send file to server
•APIs used:
GET /send/username to get the public key
POST /send/username to send the file
9. CLIENT SIDE - RECEIVING
9
•Receiving file:
Fetch file from server
Decrypt AES key using RSA private key (locally stored)
Decrypt rest of the file using AES key.
•APIs used:
GET /receive/all to get list of files
GET /receive/number to fetch a particular file
10. SERVER SIDE
10
•Uses a bucket file storage system
•Database used is sqlite3
•Passwords are stored as MD5 hashes
•Exposes a REST API so the clients can be easily created.
•Created using flask, sqlalchemy and restful.
11. ENCRYPTION
11
• Handled by Keyczar
• AES-256 for symmetric encryption
• RSA 2048 for asymmetric
• HMAC for data integrity
• SSL for security in transit
18. WRAPPING UP
18
• Code is available at:
• https://github.com/sp3ctr3/arcanum-server
• https://github.com/sp3ctr3/arcanum-client
• Completely functional
• Multiplatform
• Further clients are being developed