Google Upspin file sharing/transfer protocol

Google made public file sharing protocol ideas and implementation Go based. Its main goal - give users full control of data they own. Does not matter what service you are using to share your personal photos or posts (social networks) all data should be encrypted and kept in one place.

Reasonable. Nothing new. But here it is. We are open protocol which can be implemented with syncthing. I personally missing simplicity for files sharing using Syncthing, since working with access rights and folders ids/keys done too complicated.

So I’m guessing it’s not an app then? Maybe it’s a library for building on top of say… Syncthing to give it the file encryption we’ve always wanted?

Hmm on second thought, I keep seeing the phrase “end to end encryption” but not the MAGIC phrase “data at rest encryption”. Is that not what it does?

It does at rest encryption. It seems fairly neat; I’m not at a computer nowadays but reading their specs and stuff and thinking about integrations.

1 Like

Ahh ok, now that I have had a chance to read thoroughly… what they are calling “end to end encryption” is enc at rest AND enc during transfer. I usually just consider the phrase “end to end” to mean transfer encryption only (like html across a TLS stream, but still html file when sitting on disk).

So I guess you could make this a “Tahoe-LAFS like” thing by having it upload to multiple places scattered across the interwebz? Or maybe you could designate your own hardware to be the ONLY place your enc data is stored if you wish as well?

Quote from site:

The user keeps, in a private location not part of Upspin, a key that is used both during encryption of the data before it is written, and during decryption when read back.

IOW: OMFG backup your keys! If you lose your keys we can’t help you! Newbies would need to be warned of something like this.

Quote from site:

To share a file with a second user, that user must also be able to decrypt it. Upspin handles this automatically, using encryption techniques that allow two users to share encrypted data without disclosing their private keys to each other. The public keys of all users are registered in a central server to enable sharing even between strangers.

So I’m going to guess data is enc’ed with symetric key here and the symetric key is enc’ed with asymetric pub key of both users. That’s usually how this type of sharing is handled, but I haven’t looked at code yet.

Yeah that seems to be the case. Random symmetric key per file, encrypted for the allowed recipients.