Create ROADMAP.md

2025-08-06 12:27:53 -10:00
parent db8fd2ac1f
commit 022a1e7aaf
1 changed files with 240 additions and 0 deletions
@@ -0,0 +1,240 @@
+> Fully modular code for encryption libraries, ensure metadata is stored as encrypted hashs for PacShare, Revamp PacShares secure file send and pickup, and create a CLI and local application (Linux and Android).
+
+### Draft tree for webapp
+
+paccrypt-webapp/
+├── static/
+│   ├── audio/
+│   │   └── chomp.mp3
+│   ├── css/
+│   │   └── styles.css
+│   ├── fonts/
+│   │   └── PressStart2P-Regular.ttf
+│   ├── img/
+│   │   ├── Github_logo.png
+│   │   ├── PacCrypt.png
+│   │   ├── PacCrypt_W-Background.png
+│   │   ├── PacCrypt_W-Backgroud_Name.png
+│   │   ├── PacCrypt_W-Name.png
+│   │   └── sitemap.png <-- **Change img**
+│   └── js/ <-- **Pending changes**
+│       ├── encryption.js
+│       ├── fileops.js
+│       ├── main.js
+│       ├── pacman.js
+│       └── ui.js
+├── templates/
+│   ├── 403.html
+│   ├── 404.html
+│   ├── 500.html
+│   ├── admin.html
+│   ├── admin_login.html
+│   ├── admin_settings.html
+│   ├── admin_setup.html
+│   ├── index.html
+│   └── pickup.html
+├── application_data/ <-- *New*
+│   ├── scripts/ <-- *New*
+│   │   ├── start_dev <-- *Moved*
+│   │   ├── start_prod <-- *Moved*
+│   │   ├── restart_dev <-- *New*
+│   │   ├── restart_prod <-- *New*
+│   │   └── stop <-- *New*
+│   ├── settings.json <-- *Moved*
+│   ├── requirements.txt <-- *Moved*
+│   ├── admin_cred <-- **Generated once admin is setup** / *Moved*
+│   └── admin_hash <-- **Generated once admin is setup** / *Moved*
+├── paccrypt_algos/ <-- *New*
+│   ├── aes_gcm.py <-- *New*
+│   ├── aes_cbc.py <-- *New*
+│   ├── xchacha.py <-- *New*
+│   ├── rsa_hybrid.py <-- *New*
+│   └── kyber_hybrid.py <-- *New*
+├── pacshare/ <-- **Generated at time of first PacShare upload, location customizable** / *New*
+│   ├── <file_id>pdf/jpeg/etc.paccrypt <-- **Encrypted binary file** / *Moved*
+│   └── <file_id>meta.paccrypt <-- **Encrypted metadata** / *Moved*
+├── README.md <-- **Needs Updated**
+├── ROADMAP.md
+├── LICENSE <-- *New*
+└── app.py
+---
+
+### Phase 0
+[] Remove docker files (Dropping official docker support)
+
+[] Update README.md to be current.
+
+[x] Add roadmap.md to repo
+
+[] Create /application_data/ folder (for server settings, admin login and creds)
+
+[] Create scripts folder in /application_data/
+
+[] Create /paccrypt_algos/ folder
+
+[] Builder better start, stop and restart scripts both prod and dev (Universal)
+
+[] Add a button in the admin panel to switch to and from prod and dev modes
+
+### Phase 1: app.py - Modular Python Web App
+##### app.py Responsibilities
+[] Flask app + routing
+
+[] Handle:
+⦁	/encrypt
+⦁	/decrypt
+⦁	/pickup/<file_id>
+
+[] Receive:
+⦁	File or text
+⦁	pickup_password (required)
+⦁	encryption_password (required)
+⦁	encryption_mode
+[] Encrypt metadata using pickup password
+[] Encrypt file using encryption password
+[] Dynamically load correct engine via decrypted metadata
+[] Save .enc + .meta, return pickup link
+[] Update PacMan like mini game logic revamp "(LOW PRIORITY)"
+[] Update PacMan like mini game base revamp "(LOW PRIORITY)"
+---
+##### /paccrypt_algos/ - Modular Crypto Engines
+[] Create folder + interface
+[] Remove basic cypher
+Implement engines:
+[] aes_gcm.py
+[] aes_cbc.py
+[] xchacha.py
+[] rsa_hybrid.py
+[] kyber_hybrid.py (Testing)
+[] Each must expose:
+`def encrypt\_text(text, key, metadata): ...`
+`def decrypt\_text(ciphertext, key, metadata): ...`
+`def encrypt\_file(in\_path, out\_path, key, metadata): ...`
+`def decrypt\_file(in\_path, out\_path, key, metadata): ...`
+`def get\_name(): return "AES-GCM"`
+---
+### Phase 2: PacShare - Reimplementation
+/encrypt Route Flow
+[] JS submits (PacShare "Form"):
+⦁	File
+⦁	pickup_password (for metadata)
+⦁	encryption_password (for file)
+⦁	encryption_mode
+⦁	2FA token code / Yubi/Passkey set up
+
+[] Python logic:
+⦁	Encrypt file using selected algo + encryption_password
+⦁	Generate metadata dict:
+⦁	filename, enc_mode, pickup_hash, timestamp, optional 2FA
+⦁	Encrypt metadata using AES-GCM derived from pickup_password
+⦁	Save .enc and .meta files
+⦁	Generate random file_id
+⦁	Return /pickup/<file_id> link
+> Both passwords are required. One reveals the mode + metadata, the other decrypts the file.
+---
+##### /pickup/<file_id> Route Flow
+[] Prompt for pickup_password
+[] Decrypt .meta and validate hash
+[] Show original filename, prompt for encryption_password
+[] Load correct module, decrypt file
+[] Offer file download
+---
+##### Metadata Structure (Encrypted JSON)
+`"filename": "report.pdf",`
+`"enc\_mode": "aes\_gcm",`
+`"pickup\_hash": "<argon2>",`
+`"created\_at": "2025-08-05T18:00Z",`
+`"2fa\_seed": "base32string",  // optional`
+`"yubi\_token\_hash": "sha256", // optional`
+>Stored as .meta
+>Encrypted with AES-GCM using key from pickup\_password
+---
+### Phase 3: External API Access (/api/*)
+##### Endpoint	Description
+`POST /api/encrypt	Local-only file/text encryption (returns file/meta)`
+`POST /api/ps-send	Upload + encrypt + return pickup link (JSON)`
+`POST /api/ps-pickup	Provide pickup ID + passwords, return decrypted file`
+`POST /api/decrypt	Decrypt local .enc + .meta bundle`
+`GET /api/version	Return current version tag`
+> These endpoints must receive both passwords. Encryption password is never saved.
+---
+### Phase 4: CLI Tool (Offline and API Hybrid)
+[] Create PacCrypt-CLI repo
+[] paccrypt-cli command
+[] Local encrypt/decrypt support
+[] Support:
+[] --share-api to change api address (in case user is self hosting PacCrypt-Webapp)
+⦁	Default api from https://paccrypt.unnaturalll.dev/
+[] --share to upload via /api/ps-send
+[] --pickup <id> to download + decrypt via /api/ps-pickup
+Always require (Send + Pickup)
+[] --method (to define encryption type)
+[] --pickup-password
+[] --encryption-password
+Optional (Send + Pickup)
+[] 2FA Token
+⦁	No Yubi or passkey support for API calls
+[] --help (Shows command usage)
+[] CLI PacMan like mini game "(LOW PRIORITY)"
+---
+### Phase 5: Local GUI Applications
+##### Linux (First)
+[] PyQt6 or GTK
+[] Same features as the Webapp
+[] Support for PacShare through API calls
+⦁	Default https://paccrypt.unnaturalll.dev/
+⦁	User changeable if the webapp is self hosted
+[] Text Encryption / Decryption mode
+[] Text Password
+[] Text input / output
+[] PS Mode selector
+[] PS File Uploader
+[] PS Pickup Password
+[] PS Encryption / Decryption password
+[] PS 2FA Token support
+⦁	No Yubi/Passkey support for API calls
+[] PS error message if devices is offline or server can't be reached
+[] KDE Dolphin context integration (right-click → encrypt | decrypt | share - share opens the paccrypt gui with the file already staged)
+##### Android
+[] Kivy or BeeWare
+[] Same features as the Webapp
+[] Support for PacShare through API calls
+⦁	Default https://paccrypt.unnaturalll.dev/
+⦁	User changeable if the webapp is self hosted
+[] Text Encryption / Decryption mode
+[] Text Password
+[] Text input / output
+[] PS Mode selector
+[] PS File Uploader
+[] PS Pickup Password
+[] PS Encryption / Decryption password
+[] PS 2FA Token support
+⦁	No Yubi/Passkey support for API calls
+[] PS error message if devices is offline or server can't be reached
+> No Windows support for a application, only webapp, and maybe CLI support.
+> Linux master race
+
+---
+### PacShare File Format
+pacshare/
+├── <file_id>pdf/jpeg/etc.paccrypt      # Encrypted binary file
+└── <file_id>meta.paccrypt		# Encrypted metadata
+---
+### Development Order
+0.	[] Phase 0 Tasks
+1.	[] paccrypt_algos/ + aes_gcm.py
+2.	[] app.py routes: /encrypt, /pickup/<id>
+3.	[] Add /decrypt route
+4.	[] Build metadata encryption helpers
+5.	[] Finish other engine modules
+6.	[] Build /api/* equivalents
+7.	[] Update README.md with all changed to the webapp.
+8.	[] Create a new installation guide.
+9.	[] Build CLI
+10.	[] Test CLI with --pickup + --share
+12.	[] Build GUI app on Linux
+13.	[] Test GUI app on Linux
+14.	[] Build GUI app on Android
+15.	[] Test GUI app on Android
+16.	[] Finilize all releases and push to main.
+17.	[] Create Wiki