CipherShare

Quickly store and send files with only a link, from a web app. Files are securely encrypted. Give people access by list of emails with a simple, easy-to-use UI.

Comment

Inspiration

We, as a team, are all very big into security and privacy. We thought it would be very fun and interesting to do something with encryption. When we saw that usage of Auth0 was one of the available challenges, we had the initial idea of making an encrypted file vault using Auth0, however one member of the team suggested it might be more interesting to use Auth0 in a more unusual way...

What it does

It allows users to upload files of any type up to 500mb in size. The user can add an unlimited amount of "allowed" emails (emails that will be able to access the file) along side this. When the file is uploaded, it is encrypted and the user receives a unique URL that corresponds to that file. The system uses one time password authentication provided by Auth0 to ensure that only users with valid emails may access, decrypt and download the uploaded file.

How we built it

We used golang alongside the gorilla web framework, auth0 API and MongoDB. We started by designing and then implementing the core structure of the service (that being the core routes and the logger). The project then split pretty well into four parts:

  1. Configuring the database and writing the package to interface with it
  2. Completing the handlers for the system and process upload/download information
  3. Encrypting the files and storing them
  4. Auth0 research and implementation

We each then took on one of these components and subsequently completed them. Some of them were completed much faster than other components, so we decided to use the pair programming technique to ensure that everyone was always contributing and to improve performance of the team when we were all fatigued.

Challenges we ran into

MongoDB caused us some small problems as we found the documentation to be very confusing for someone who is new to the service. We also encountered one issue with our UUIDs being wrapped in an ObjectID, which we had not anticipated. This led to some confusion for about 20 minutes until we eventually solved the issue in our go codebase.

File upload caused us some problems as getting it from a file in the form to a file on the server was a challenge. This was largely due to our unfamiliarity with go and how it handles form submission.

Auth0 was a huge pain to implement into the project. The lack of public documentation, particularly for go was a major annoyance. The documentation situation improved somewhat when you created a new application in the dashboard and then selected the quickstart menu for go, however this was not very helpful when we were trying to figure out what method and configuration settings to use. We eventually stumbled across the API documentation and finally discovered how to implement the functionality that we wanted. The Auth0 implementation process took approximately 9 hours.

Accomplishments that we're proud of

We managed to finish the project with fairly good code quality and a fully functional final product. This is a huge improvement over our submission last year. In the same sense our ability to prevent scope creep and actually choose a project with a sensible scope has also massively improved and we were very pleased with this.

We are also very proud of our encryption and one time password systems, when the implementation of both of these was completed we were all very excited.

What we learned

To complete the project three of us had to learn go and its web framework (with gorilla web framework added on top) as well as go HTML templating.

We also had to learn MongoDB and Auth0 which were both challenging but rewarding and very useful when they finally worked.

What's next for CipherShare

Refactoring, testing and further documentation.

Built With

Share this project:

Updates