diff --git a/ROADMAP.md b/ROADMAP.md new file mode 100644 index 0000000..a735ee8 --- /dev/null +++ b/ROADMAP.md @@ -0,0 +1,240 @@ +> Fully modular code for encryption libraries, ensure metadata is stored as encrypted hashs for PacShare, Revamp PacShares secure file send and pickup, and create a CLI and local application (Linux and Android). + +### Draft tree for webapp + +paccrypt-webapp/ +├── static/ +│ ├── audio/ +│ │ └── chomp.mp3 +│ ├── css/ +│ │ └── styles.css +│ ├── fonts/ +│ │ └── PressStart2P-Regular.ttf +│ ├── img/ +│ │ ├── Github_logo.png +│ │ ├── PacCrypt.png +│ │ ├── PacCrypt_W-Background.png +│ │ ├── PacCrypt_W-Backgroud_Name.png +│ │ ├── PacCrypt_W-Name.png +│ │ └── sitemap.png <-- **Change img** +│ └── js/ <-- **Pending changes** +│ ├── encryption.js +│ ├── fileops.js +│ ├── main.js +│ ├── pacman.js +│ └── ui.js +├── templates/ +│ ├── 403.html +│ ├── 404.html +│ ├── 500.html +│ ├── admin.html +│ ├── admin_login.html +│ ├── admin_settings.html +│ ├── admin_setup.html +│ ├── index.html +│ └── pickup.html +├── application_data/ <-- *New* +│ ├── scripts/ <-- *New* +│ │ ├── start_dev <-- *Moved* +│ │ ├── start_prod <-- *Moved* +│ │ ├── restart_dev <-- *New* +│ │ ├── restart_prod <-- *New* +│ │ └── stop <-- *New* +│ ├── settings.json <-- *Moved* +│ ├── requirements.txt <-- *Moved* +│ ├── admin_cred <-- **Generated once admin is setup** / *Moved* +│ └── admin_hash <-- **Generated once admin is setup** / *Moved* +├── paccrypt_algos/ <-- *New* +│ ├── aes_gcm.py <-- *New* +│ ├── aes_cbc.py <-- *New* +│ ├── xchacha.py <-- *New* +│ ├── rsa_hybrid.py <-- *New* +│ └── kyber_hybrid.py <-- *New* +├── pacshare/ <-- **Generated at time of first PacShare upload, location customizable** / *New* +│ ├── pdf/jpeg/etc.paccrypt <-- **Encrypted binary file** / *Moved* +│ └── meta.paccrypt <-- **Encrypted metadata** / *Moved* +├── README.md <-- **Needs Updated** +├── ROADMAP.md +├── LICENSE <-- *New* +└── app.py +--- + +### Phase 0 +[] Remove docker files (Dropping official docker support) + +[] Update README.md to be current. + +[x] Add roadmap.md to repo + +[] Create /application_data/ folder (for server settings, admin login and creds) + +[] Create scripts folder in /application_data/ + +[] Create /paccrypt_algos/ folder + +[] Builder better start, stop and restart scripts both prod and dev (Universal) + +[] Add a button in the admin panel to switch to and from prod and dev modes + +### Phase 1: app.py - Modular Python Web App +##### app.py Responsibilities +[] Flask app + routing + +[] Handle: +⦁ /encrypt +⦁ /decrypt +⦁ /pickup/ + +[] Receive: +⦁ File or text +⦁ pickup_password (required) +⦁ encryption_password (required) +⦁ encryption_mode +[] Encrypt metadata using pickup password +[] Encrypt file using encryption password +[] Dynamically load correct engine via decrypted metadata +[] Save .enc + .meta, return pickup link +[] Update PacMan like mini game logic revamp "(LOW PRIORITY)" +[] Update PacMan like mini game base revamp "(LOW PRIORITY)" +--- +##### /paccrypt_algos/ - Modular Crypto Engines +[] Create folder + interface +[] Remove basic cypher +Implement engines: +[] aes_gcm.py +[] aes_cbc.py +[] xchacha.py +[] rsa_hybrid.py +[] kyber_hybrid.py (Testing) +[] Each must expose: +`def encrypt\_text(text, key, metadata): ...` +`def decrypt\_text(ciphertext, key, metadata): ...` +`def encrypt\_file(in\_path, out\_path, key, metadata): ...` +`def decrypt\_file(in\_path, out\_path, key, metadata): ...` +`def get\_name(): return "AES-GCM"` +--- +### Phase 2: PacShare - Reimplementation +/encrypt Route Flow +[] JS submits (PacShare "Form"): +⦁ File +⦁ pickup_password (for metadata) +⦁ encryption_password (for file) +⦁ encryption_mode +⦁ 2FA token code / Yubi/Passkey set up + +[] Python logic: +⦁ Encrypt file using selected algo + encryption_password +⦁ Generate metadata dict: +⦁ filename, enc_mode, pickup_hash, timestamp, optional 2FA +⦁ Encrypt metadata using AES-GCM derived from pickup_password +⦁ Save .enc and .meta files +⦁ Generate random file_id +⦁ Return /pickup/ link +> Both passwords are required. One reveals the mode + metadata, the other decrypts the file. +--- +##### /pickup/ Route Flow +[] Prompt for pickup_password +[] Decrypt .meta and validate hash +[] Show original filename, prompt for encryption_password +[] Load correct module, decrypt file +[] Offer file download +--- +##### Metadata Structure (Encrypted JSON) +`"filename": "report.pdf",` +`"enc\_mode": "aes\_gcm",` +`"pickup\_hash": "",` +`"created\_at": "2025-08-05T18:00Z",` +`"2fa\_seed": "base32string", // optional` +`"yubi\_token\_hash": "sha256", // optional` +>Stored as .meta +>Encrypted with AES-GCM using key from pickup\_password +--- +### Phase 3: External API Access (/api/*) +##### Endpoint Description +`POST /api/encrypt Local-only file/text encryption (returns file/meta)` +`POST /api/ps-send Upload + encrypt + return pickup link (JSON)` +`POST /api/ps-pickup Provide pickup ID + passwords, return decrypted file` +`POST /api/decrypt Decrypt local .enc + .meta bundle` +`GET /api/version Return current version tag` +> These endpoints must receive both passwords. Encryption password is never saved. +--- +### Phase 4: CLI Tool (Offline and API Hybrid) +[] Create PacCrypt-CLI repo +[] paccrypt-cli command +[] Local encrypt/decrypt support +[] Support: +[] --share-api to change api address (in case user is self hosting PacCrypt-Webapp) +⦁ Default api from https://paccrypt.unnaturalll.dev/ +[] --share to upload via /api/ps-send +[] --pickup to download + decrypt via /api/ps-pickup +Always require (Send + Pickup) +[] --method (to define encryption type) +[] --pickup-password +[] --encryption-password +Optional (Send + Pickup) +[] 2FA Token +⦁ No Yubi or passkey support for API calls +[] --help (Shows command usage) +[] CLI PacMan like mini game "(LOW PRIORITY)" +--- +### Phase 5: Local GUI Applications +##### Linux (First) +[] PyQt6 or GTK +[] Same features as the Webapp +[] Support for PacShare through API calls +⦁ Default https://paccrypt.unnaturalll.dev/ +⦁ User changeable if the webapp is self hosted +[] Text Encryption / Decryption mode +[] Text Password +[] Text input / output +[] PS Mode selector +[] PS File Uploader +[] PS Pickup Password +[] PS Encryption / Decryption password +[] PS 2FA Token support +⦁ No Yubi/Passkey support for API calls +[] PS error message if devices is offline or server can't be reached +[] KDE Dolphin context integration (right-click → encrypt | decrypt | share - share opens the paccrypt gui with the file already staged) +##### Android +[] Kivy or BeeWare +[] Same features as the Webapp +[] Support for PacShare through API calls +⦁ Default https://paccrypt.unnaturalll.dev/ +⦁ User changeable if the webapp is self hosted +[] Text Encryption / Decryption mode +[] Text Password +[] Text input / output +[] PS Mode selector +[] PS File Uploader +[] PS Pickup Password +[] PS Encryption / Decryption password +[] PS 2FA Token support +⦁ No Yubi/Passkey support for API calls +[] PS error message if devices is offline or server can't be reached +> No Windows support for a application, only webapp, and maybe CLI support. +> Linux master race + +--- +### PacShare File Format +pacshare/ +├── pdf/jpeg/etc.paccrypt # Encrypted binary file +└── meta.paccrypt # Encrypted metadata +--- +### Development Order +0. [] Phase 0 Tasks +1. [] paccrypt_algos/ + aes_gcm.py +2. [] app.py routes: /encrypt, /pickup/ +3. [] Add /decrypt route +4. [] Build metadata encryption helpers +5. [] Finish other engine modules +6. [] Build /api/* equivalents +7. [] Update README.md with all changed to the webapp. +8. [] Create a new installation guide. +9. [] Build CLI +10. [] Test CLI with --pickup + --share +12. [] Build GUI app on Linux +13. [] Test GUI app on Linux +14. [] Build GUI app on Android +15. [] Test GUI app on Android +16. [] Finilize all releases and push to main. +17. [] Create Wiki