What is this?
This is a try to create a secure file transfer without an native client.
How does it work?
The service uses asymmetrical encryption to encrypt files. Then the files get uploaded to our server to make sharing files with friends safe and easy.
Hold up, what exactly is being uploaded to your server?
We store your encrypted files and your encrypted private key, that's it, no plaintext files! All sensitive data that's being sent to the server is encrypted by your browser before leaving your device!
How are the encryption actually done?
When you create an account you get to create your keypair, these two keys are used to encrypt and decrypt files for you. The keypair consists of a public key and a private key. The public key is used by others to encrypt files for you while the private key is used to decrypt files.
How is my private key stored?
This is up to you to decide. We have a couple of different ways to store your key:
Option 1) We store the key on the server, encrypted with your password. This enables you to use the application from any computer BUT if our server got compromised an attacker may be able to brute force your password and gain access to your account and private key.
Option 2) Again we store the key on the server, but you get to set another password for your private key! This means that the attacker can gain access to your account but your private key is a lot more safe!
Option 3) You store the key. Keep it on your harddrive, your Dropbox or a usb drive. You will have to load the private key when you want to use it to decrypt your files. A little more hastle but safe if the server is compromised