logo~stef/blog/

stash

2013-04-07

stash is a private dropbox.

If you want someone to be able to upload files from their browser directly onto your computer at home, install stash once, and allow dedicated access to your friends to share files with you. Maybe your dad wants to send you the video from the family event, or a colleague a huge database, stash might be the right thing. Just send them a URL to your stash upload form and done. If you run stash on a server on the internet, your uploads are encrypted and only accessible with your secret PGP key. There's a short time when the file is unencrypted in memory (but not on disk!) on your server while uploading, but you can get around that uploading stuff that is already encrypted.

Stash should be easy to use for uploaders, while providing the following attributes:

  • Allow upload of huge files (I know, it's HTTP, still).
  • The only private information retained is the public PGP keys of the stash owners. No passwords even. Just make an extra PGP key and email for an added anon factor.
  • Uploaded files are automatically encrypted with the stash owners key. This can be disabled, if you want to upload data that is already encrypted.
  • Stash owners are automatically emailed to the email address listed in their public key about new uploads. These emails are also PGP encrypted.
  • User authentication is done using tlsauth: uploaders do not need a cert, new stash owners registering either, but all other parts require valid certs.
  • Stash IDs are generated randomly and should be hard to guess, this the only protection - tlsauth does not protect these upload forms - this is intentional to make it useful for "mom". however you can also specify your own human parseable stash ID if needed, tlsauth should be mandatory then for uploads as well.
  • Even though stash uses certificates for authentication, the user management is very simple and similar to normal user admin workflows, the only difference is that users have to import their cert into their browser after certification.

    Screenshots

registration with certificate generation!

only one stash here

upload succeeded, upload something else?

Get stash from github.com/stef/stash

permalink


next posts >
< prev post

CC BY-SA RSS Export
Proudly powered by Utterson