Share files from encrypted peers

Hi there,

I have created a little piece of software that is able to serve files from an encrypted peer’s folder. This could be useful for people syncing files to an untrusted cloud server and wanting to share specific files with friends using links.

The server runs as an HTTP service (should be put behind an HTTPS reverse proxy), accepts an encrypted file path and a file key, and then decrypts said file on the fly (e.g. https://localhost:8380/1.syncthing-enc/AB/CDEF?key=ABCD). The file key is determined by Syncthing based on the folder ID, folder key and file path and is only useful for decrypting a file at that specific path. The server could be run on an untrusted peer as well (note that it will ‘see’ the file key for downloaded files, so anyone with control over the server could find out the contents of files downloaded through this service). To mitigate this, the service could be run on a separate (slightly more trusted) server and fetch the encrypted files from an untrusted storage.

Links can be generated somewhere else from the command line by specifying a folder ID, folder password, and (plaintext) path to the file to be shared. The folder password is only used to derive the file key and not included in the link.

Let me know what you think!

2 Likes
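The link scheme described in the post above, as an added sketch that is not the poster's code: a folder password is stretched into a folder key, a per-path file key is derived from it, and only that file key is placed in the link. The KDF construction (scrypt, then HKDF-SHA256 over folder key plus path), the `syncthing` salt, the base64url encoding of `key` and all helper names are assumptions made for illustration; the encrypted path is taken as given rather than computed.

```python
import base64
import hashlib
import hmac
from urllib.parse import parse_qs, quote, urlsplit

KEY_SIZE = 32
SALT = b"syncthing"  # assumed domain-separation constant

def folder_key(folder_id: str, password: str) -> bytes:
    """Stretch the folder password into a folder key (assumed scrypt parameters)."""
    return hashlib.scrypt(password.encode(), salt=SALT + folder_id.encode(),
                          n=32768, r=8, p=1, maxmem=64 * 1024 * 1024, dklen=KEY_SIZE)

def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes = b"", length: int = KEY_SIZE) -> bytes:
    """HKDF (RFC 5869) extract-then-expand using only the standard library."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]

def file_key(folder_secret: bytes, plaintext_path: str) -> bytes:
    """Bind the key to one path: a different path yields an unrelated key."""
    return hkdf_sha256(folder_secret + plaintext_path.encode(), SALT)

def make_link(base_url: str, encrypted_path: str, key: bytes) -> str:
    """Build the share link; only the per-file key travels in it."""
    token = base64.urlsafe_b64encode(key).rstrip(b"=").decode()
    return f"{base_url.rstrip('/')}/{quote(encrypted_path)}?key={token}"

def key_from_link(link: str) -> bytes:
    """Server side: recover the per-file key from the query string."""
    token = parse_qs(urlsplit(link).query)["key"][0]
    return base64.urlsafe_b64decode(token + "=" * (-len(token) % 4))

if __name__ == "__main__":
    # Constructed sample values: folder ID, password and paths are made up.
    fk = folder_key("abcde-fghij", "correct horse")
    shared = file_key(fk, "photos/party.jpg")
    link = make_link("https://localhost:8380", "1.syncthing-enc/AB/CDEF", shared)
    print(link)
    print("server recovers the file key:", key_from_link(link) == shared)
    print("key is path-specific:", shared != file_key(fk, "photos/private.jpg"))
```

Because the key rides in the query string, reverse-proxy access logs will record it unless query logging is disabled or redacted.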

Neat!

1 Like