A Secure file transfer utility & library. The library utilizes SPAKE2 for key negotiation over an insecure channel, and ChaCha20Poly1305 Authenticated Encryption to encrypt the file with the derived shared symmetric key. This enables two peers to transfer a file over any channel without needing to trust the intermediary relay.
Currently the code seems to send all files via a relay. Would it be within the scope of this project to implement a peer to peer mode? It would probably require some modification to the portal to negotiate some out-of-band channel.
In the best case this negotiation would be encrypted, see #3
I could probably contribute code if this is desired.
This would most likely be a backwards incompatible change. Currently the filename (and file size) is sent unencrypted. While the size could probably be determined anyways by looking at the data stream, the filename could contain sensitive information.
Currently only one nonce is used for the entire file. As I understand it this is not really a good idea. To further improve security, maybe the nonce should be changed for each packet that is sent. I tried something like this in my fork, this is working but maybe not the way you would want to do it. It would change the way encryption works though. The file wouldn't be encrypted in one operation but rather during the data transmission. I think this would probably be more performant anyways though, especially for large files.