From a56ee7cefeca80e44f5c50afd0baca9e76aa1f87 Mon Sep 17 00:00:00 2001 From: Tyler <68524461+TySP-Dev@users.noreply.github.com> Date: Wed, 6 Aug 2025 12:49:07 -1000 Subject: [PATCH] Update ROADMAP.md --- ROADMAP.md | 336 ++++++++++++++++++++++++++++++++++------------------- 1 file changed, 216 insertions(+), 120 deletions(-) diff --git a/ROADMAP.md b/ROADMAP.md index a31847c..1363443 100644 --- a/ROADMAP.md +++ b/ROADMAP.md 
@@ -3,53 +3,74 @@ --- ### Phase 0 -[] Remove docker files (Dropping official docker support) -[] Update README.md to be current. +- [ ] Remove docker files (Dropping official docker support) -[x] Add roadmap.md to repo +- [ ] Update README.md to be current. -[] Create /application_data/ folder (for server settings, admin login and creds) +- [x] Add roadmap.md to repo -[] Create scripts folder in /application_data/ +- [ ] Create /application_data/ folder (for server settings, admin login and creds) -[] Create /paccrypt_algos/ folder +- [ ] Create scripts folder in /application_data/ -[] Builder better start, stop and restart scripts both prod and dev (Universal) +- [ ] Create /paccrypt_algos/ folder -[] Add a button in the admin panel to switch to and from prod and dev modes +- [ ] Builder better start, stop and restart scripts both prod and dev (Universal) + +- [ ] Add a button in the admin panel to switch to and from prod and dev modes ### Phase 1: app.py - Modular Python Web App + ##### app.py Responsibilities -[] Flask app + routing -[] Handle: -⦁ /encrypt -⦁ /decrypt -⦁ /pickup/ +- [ ] Flask app + routing + +- [ ] Handle: +- /encrypt +- /decrypt +- /pickup/ + +- [ ] Receive: +- File or text +- pickup_password (required) +- encryption_password (required) +- encryption_mode + +- [ ] Encrypt metadata using pickup password + +- [ ] Encrypt file using encryption password + +- [ ] Dynamically load correct engine via decrypted metadata + +- [ ] Save .enc + .meta, return pickup link + +- [ ] Update PacMan like mini game logic revamp "(LOW PRIORITY)" + +- [ ] Update PacMan like mini game base revamp "(LOW PRIORITY)" -[] Receive: -⦁ File or text -⦁ pickup_password (required) -⦁ encryption_password (required) -⦁ encryption_mode -[] Encrypt metadata using pickup password -[] Encrypt file using encryption password -[] Dynamically load correct engine via decrypted metadata -[] Save .enc + .meta, return pickup link -[] Update PacMan like mini game logic revamp "(LOW 
PRIORITY)" -[] Update PacMan like mini game base revamp "(LOW PRIORITY)" --- + ##### /paccrypt_algos/ - Modular Crypto Engines -[] Create folder + interface -[] Remove basic cypher + +- [ ] Create folder + interface + +- [ ] Remove basic cypher + Implement engines: -[] aes_gcm.py -[] aes_cbc.py -[] xchacha.py -[] rsa_hybrid.py -[] kyber_hybrid.py (Testing) -[] Each must expose: + +- [ ] aes_gcm.py + +- [ ] aes_cbc.py + +- [ ] xchacha.py + +- [ ] rsa_hybrid.py + +- [ ] kyber_hybrid.py (Testing) + +- [ ] Each must expose: + ``` def encrypt\_text(text, key, metadata): ... def decrypt\_text(ciphertext, key, metadata): ... 
@@ -57,34 +78,49 @@ def encrypt\_file(in\_path, out\_path, key, metadata): ... def decrypt\_file(in\_path, out\_path, key, metadata): ... def get\_name(): return "AES-GCM" ``` ---- -### Phase 2: PacShare - Reimplementation -/encrypt Route Flow -[] JS submits (PacShare "Form"): -⦁ File -⦁ pickup_password (for metadata) -⦁ encryption_password (for file) -⦁ encryption_mode -⦁ 2FA token code / Yubi/Passkey set up -[] Python logic: -⦁ Encrypt file using selected algo + encryption_password -⦁ Generate metadata dict: -⦁ filename, enc_mode, pickup_hash, timestamp, optional 2FA -⦁ Encrypt metadata using AES-GCM derived from pickup_password -⦁ Save .enc and .meta files -⦁ Generate random file_id -⦁ Return /pickup/ link +--- + +### Phase 2: PacShare - Reimplementation + +/encrypt Route Flow + +- [ ] JS submits (PacShare "Form"): +- File +- pickup_password (for metadata) +- encryption_password (for file) +- encryption_mode +- 2FA token code / Yubi/Passkey set up + +- [ ] Python logic: +- Encrypt file using selected algo + encryption_password +- Generate metadata dict: +- filename, enc_mode, pickup_hash, timestamp, optional 2FA +- Encrypt metadata using AES-GCM derived from pickup_password +- Save .paccrypt and .meta files +- Generate random file_id +- Return /pickup/ link + > Both passwords are required. One reveals the mode + metadata, the other decrypts the file. + --- + ##### /pickup/ Route Flow -[] Prompt for pickup_password -[] Decrypt .meta and validate hash -[] Show original filename, prompt for encryption_password -[] Load correct module, decrypt file -[] Offer file download + +- [ ] Prompt for pickup_password + +- [ ] Decrypt .meta and validate hash + +- [ ] Show original filename, prompt for encryption_password + +- [ ] Load correct module, decrypt file + +- [ ] Offer file download + --- + ##### Metadata Structure (Encrypted JSON) + ``` "filename": "report.pdf", "enc\_mode": "aes\_gcm", 
@@ -93,11 +129,17 @@ def get\_name(): return "AES-GCM" "2fa\_seed": "base32string", // optional "yubi\_token\_hash": "sha256", // optional ``` ->Stored as .meta ->Encrypted with AES-GCM using key from pickup\_password + +> Stored as .meta + +> Encrypted with AES-GCM using key from pickup\_password + --- + ### Phase 3: External API Access (/api/*) + ##### Endpoint Description + ``` POST /api/encrypt Local-only file/text encryption (returns file/meta) POST /api/ps-send Upload + encrypt + return pickup link (JSON) 
@@ -105,95 +147,149 @@ POST /api/ps-pickup Provide pickup ID + passwords, return decrypted file POST /api/decrypt Decrypt local .enc + .meta bundle GET /api/version Return current version tag ``` + > These endpoints must receive both passwords. Encryption password is never saved. + --- + ### Phase 4: CLI Tool (Offline and API Hybrid) -[] Create PacCrypt-CLI repo -[] paccrypt-cli command -[] Local encrypt/decrypt support -[] Support: -[] --share-api to change api address (in case user is self hosting PacCrypt-Webapp) -⦁ Default api from https://paccrypt.unnaturalll.dev/ -[] --share to upload via /api/ps-send -[] --pickup to download + decrypt via /api/ps-pickup -Always require (Send + Pickup) -[] --method (to define encryption type) -[] --pickup-password -[] --encryption-password + +- [ ] Create PacCrypt-CLI repo + +- [ ] paccrypt-cli command + +- [ ] Local encrypt/decrypt support + +##### Support: + +- [ ] --share-api to change api address (in case user is self hosting PacCrypt-Webapp) +- Default api from https://paccrypt.unnaturalll.dev/ + +- [ ] --share to upload via /api/ps-send + +- [ ] --pickup to download + decrypt via /api/ps-pickup + +##### Always require (Send + Pickup) + +- [ ] --method (to define encryption type) + +- [ ] --pickup-password + +- [ ] --encryption-password + Optional (Send + Pickup) -[] 2FA Token -⦁ No Yubi or passkey support for API calls -[] --help (Shows command usage) -[] CLI PacMan like mini game (LOW PRIORITY) + +- [ ] 2FA Token +- No Yubi or passkey support for API calls + +- [ ] --help (Shows command usage) + +- [ ] CLI PacMan like mini game (LOW PRIORITY) + --- + ### Phase 5: Local GUI Applications + ##### Linux (First) -[] PyQt6 or GTK -[] Same features as the Webapp -[] Support for PacShare through API calls -⦁ Default https://paccrypt.unnaturalll.dev/ -⦁ User changeable if the webapp is self hosted -[] Text Encryption / Decryption mode -[] Text Password -[] Text input / output -[] PS Mode selector -[] PS File Uploader -[] PS 
Pickup Password -[] PS Encryption / Decryption password -[] PS 2FA Token support -⦁ No Yubi/Passkey support for API calls -[] PS error message if devices is offline or server can't be reached -[] KDE Dolphin context integration (right-click → encrypt | decrypt | share - share opens the paccrypt gui with the file already staged) + +- [ ] PyQt6 or GTK + +- [ ] Same features as the Webapp + +- [ ] Support for PacShare through API calls +- Default https://paccrypt.unnaturalll.dev/ +- User changeable if the webapp is self hosted + +- [ ] Text Encryption / Decryption mode + +- [ ] Text Password + +- [ ] Text input / output + +- [ ] PacShare Mode selector + +- [ ] PacShare File Uploader + +- [ ] PacShare Pickup Password + +- [ ] PacShare Encryption / Decryption password + +- [ ] PacShare 2FA Token support +- No Yubi/Passkey support for API calls + +- [ ] PacShare error message if devices is offline or server can't be reached + +- [ ] KDE Dolphin context integration (right-click → encrypt | decrypt | share - share opens the paccrypt gui with the file already staged) + ##### Android -[] Kivy or BeeWare -[] Same features as the Webapp -[] Support for PacShare through API calls -⦁ Default https://paccrypt.unnaturalll.dev/ -⦁ User changeable if the webapp is self hosted -[] Text Encryption / Decryption mode -[] Text Password -[] Text input / output -[] PS Mode selector -[] PS File Uploader -[] PS Pickup Password -[] PS Encryption / Decryption password -[] PS 2FA Token support -⦁ No Yubi/Passkey support for API calls -[] PS error message if devices is offline or server can't be reached + +- [ ] Kivy or BeeWare + +- [ ] Same features as the Webapp + +- [ ] Support for PacShare through API calls +- Default https://paccrypt.unnaturalll.dev/ +- User changeable if the webapp is self hosted + +- [ ] Text Encryption / Decryption mode + +- [ ] Text Password + +- [ ] Text input / output + +- [ ] PS Mode selector + +- [ ] PS File Uploader + +- [ ] PS Pickup Password + +- [ ] PS 
Encryption / Decryption password + +- [ ] PS 2FA Token support +- No Yubi/Passkey support for API calls + +- [ ] PS error message if devices is offline or server can't be reached + > No Windows support for a application, only webapp, and maybe CLI support. `Linux master race` --- + ### PacShare File Format + ``` pacshare/ ├── pdf/jpeg/etc.paccrypt # Encrypted binary file └── meta.paccrypt # Encrypted metadata ``` + --- + ### Development Order -0. [] Phase 0 Tasks -1. [] paccrypt_algos/ + aes_gcm.py -2. [] app.py routes: /encrypt, /pickup/ -3. [] Add /decrypt route -4. [] Build metadata encryption helpers -5. [] Finish other engine modules -6. [] Build /api/* equivalents -7. [] Update README.md with all changed to the webapp. -8. [] Create a new installation guide. -9. [] Build CLI -10. [] Test CLI with --pickup + --share -12. [] Build GUI app on Linux -13. [] Test GUI app on Linux -14. [] Build GUI app on Android -15. [] Test GUI app on Android -16. [] Finilize all releases and push to main. -17. [] Create Wiki + +0. - [ ] Phase 0 Tasks +1. - [ ] paccrypt_algos/ + aes_gcm.py +2. - [ ] app.py routes: /encrypt, /pickup/ +3. - [ ] Add /decrypt route +4. - [ ] Build metadata encryption helpers +5. - [ ] Finish other engine modules +6. - [ ] Build /api/* equivalents +7. - [ ] Update README.md with all changed to the webapp. +8. - [ ] Create a new installation guide. +9. - [ ] Build CLI +10. - [ ] Test CLI with --pickup + --share +12. - [ ] Build GUI app on Linux +13. - [ ] Test GUI app on Linux +14. - [ ] Build GUI app on Android +15. - [ ] Test GUI app on Android +16. - [ ] Finilize all releases and push to main. +17. - [ ] Create Wiki --- ### Draft tree for webapp + ``` paccrypt-webapp/ ├── static/
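Review bot: In the hunk at `@@ -3,53 +3,74 @@`, the sub-items under `- [ ] Handle:` and `- [ ] Receive:` (`- /encrypt`, `- File or text`, and so on) sit at the same indentation as the task items, so Markdown renders them as sibling bullets rather than as children of the task; indent them by two spaces. The same hunk lists `aes_cbc.py` next to `aes_gcm.py` without stating any authentication requirement; CBC on its own provides no integrity check, so the roadmap should say the engine is paired with a MAC (encrypt-then-MAC) or drop it. `Builder better start` is carried over unchanged and probably means "Build better".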
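Review bot: The hunk at `@@ -57,34 +78,49 @@` changes `Save .enc and .meta files` to `Save .paccrypt and .meta files`, but the Phase 1 item `Save .enc + .meta, return pickup link`, the `/api/decrypt` description (`Decrypt local .enc + .meta bundle`) and the PacShare File Format block (`meta.paccrypt`) still use other names; pick one pair of extensions and use it throughout. `Encrypt metadata using AES-GCM derived from pickup_password` also leaves the key derivation unspecified: name the password KDF (for example Argon2id, scrypt or PBKDF2) and state that the salt and nonce are generated per file and stored alongside the ciphertext.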
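Review bot: In the hunk at `@@ -93,11 +129,17 @@`, the metadata block keeps `"2fa\_seed"` inside the same `.meta` that is `Encrypted with AES-GCM using key from pickup\_password`, so the seed is only as well protected as the pickup password, and the second factor can only be checked after that password has already opened the metadata; state whether that is intended or keep the seed under a separate server-side key. `pickup_hash` (listed in the Phase 2 metadata dict) is validated after decryption in the /pickup/ flow, yet with AES-GCM a wrong password already fails the tag check, so the roadmap should say what the extra hash is for. The `\_` escapes inside the fenced block render as literal backslashes, and the `//` comments are not valid JSON although the heading calls the structure Encrypted JSON.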
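Review bot: In the hunk at `@@ -105,95 +147,149 @@`, `--pickup-password` and `--encryption-password` are specified only as command-line flags; values passed on argv end up in shell history and are visible to other local users in the process list, so the CLI items should also plan an interactive prompt or reading the passwords from stdin or a file. The rename from `PS` to `PacShare` is applied to the Linux list but the Android list still reads `PS Mode selector`, `PS File Uploader` and so on. In Development Order the numbering jumps from `10.` to `12.`, and `Finilize` should be `Finalize`.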