Encrypto

File Encrypt/Decript Service

Encrypto Workflow:

• User submits a file with a password for encryption.
• Random Salts and a IV Vector are generated.
• Password is used to import a CryptoKey(PBKDF2).
• Password CryptoKey is used with respective Salt for deriving 2 encryption keys(PBKDF2)
• First CryptoKey is used to encrypt the name of the file without the extension.
• The Salt for that key is added to the resulting encrypted name (ArrayBuffer).
• The Salted and encrypted buffer data is encrypted again with the second key.
• Name is send to the service with the IV Vector(Base64),second Salt(Base64), password.
• Service hashes the password and stores the data adding the decryption time(Redis TTL).
• First CryptoKey, IV Vector, File Blob(Bin Large Object) is passed to the WebWorker.
• WebWorker reads the Blob as a buffer and encrypts the data(AES-GCM).
• WebWorker returns data to app where it downloads it with the Base64 name to the client.

Decrypt(Happy) Workflow:

• User submits a file and a password for dencryption.
• App passes the password, file name(Base64) to the service.
• Service queries for the name and verifies the password hash.
• Service removes the item and returns the IV Vector and second Salt(Enc Work.).
• Salt and IV Vector are converted to ArrayBuffers.
• A CryptoKey(PBKDF2) is imported(created) from the raw(client side) password.
• Resulting key is user derive another key with the Salt.
• This second key is used to decrypt the file from which the prepended Salt is extracted.
• This second Salt is used with the password key to derive the final key.
• It is used to decrypt both the file(WebWorker) and the filename (buffer result with no salt).
• File with a now decrypted name is downloaded to the client by the App.