TySS-Dev/PacCrypt-Webapp
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update ROADMAP.md

Browse Source
This commit is contained in:
Tyler
2025-08-06 12:49:07 -10:00
committed by GitHub
parent f042127931
commit a56ee7cefe
1 changed files with 216 additions and 120 deletions
Download Patch File Download Diff File Expand all files Collapse all files
ROADMAP.md
+214 -118
View File
@@ -3,53 +3,74 @@
---
### Phase 0
[] Remove docker files (Dropping official docker support)
[] Update README.md to be current.
- [ ] Remove docker files (Dropping official docker support)
[x] Add roadmap.md to repo
- [ ] Update README.md to be current.
[] Create /application_data/ folder (for server settings, admin login and creds)
- [x] Add roadmap.md to repo
[] Create scripts folder in /application_data/
- [ ] Create /application_data/ folder (for server settings, admin login and creds)
[] Create /paccrypt_algos/ folder
- [ ] Create scripts folder in /application_data/
[] Builder better start, stop and restart scripts both prod and dev (Universal)
- [ ] Create /paccrypt_algos/ folder
[] Add a button in the admin panel to switch to and from prod and dev modes
- [ ] Builder better start, stop and restart scripts both prod and dev (Universal)
- [ ] Add a button in the admin panel to switch to and from prod and dev modes
### Phase 1: app.py - Modular Python Web App
##### app.py Responsibilities
[] Flask app + routing
[] Handle:
⦁ /encrypt
⦁ /decrypt
⦁ /pickup/<file_id>
- [ ] Flask app + routing
- [ ] Handle:
- /encrypt
- /decrypt
- /pickup/<file_id>
- [ ] Receive:
- File or text
- pickup_password (required)
- encryption_password (required)
- encryption_mode
- [ ] Encrypt metadata using pickup password
- [ ] Encrypt file using encryption password
- [ ] Dynamically load correct engine via decrypted metadata
- [ ] Save .enc + .meta, return pickup link
- [ ] Update PacMan like mini game logic revamp "(LOW PRIORITY)"
- [ ] Update PacMan like mini game base revamp "(LOW PRIORITY)"
[] Receive:
⦁ File or text
⦁ pickup_password (required)
⦁ encryption_password (required)
⦁ encryption_mode
[] Encrypt metadata using pickup password
[] Encrypt file using encryption password
[] Dynamically load correct engine via decrypted metadata
[] Save .enc + .meta, return pickup link
[] Update PacMan like mini game logic revamp "(LOW PRIORITY)"
[] Update PacMan like mini game base revamp "(LOW PRIORITY)"
---
##### /paccrypt_algos/ - Modular Crypto Engines
[] Create folder + interface
[] Remove basic cypher
- [ ] Create folder + interface
- [ ] Remove basic cypher
Implement engines:
[] aes_gcm.py
[] aes_cbc.py
[] xchacha.py
[] rsa_hybrid.py
[] kyber_hybrid.py (Testing)
[] Each must expose:
- [ ] aes_gcm.py
- [ ] aes_cbc.py
- [ ] xchacha.py
- [ ] rsa_hybrid.py
- [ ] kyber_hybrid.py (Testing)
- [ ] Each must expose:
```
def encrypt\_text(text, key, metadata): ...
def decrypt\_text(ciphertext, key, metadata): ...
@@ -57,34 +78,49 @@ def encrypt\_file(in\_path, out\_path, key, metadata): ...
def decrypt\_file(in\_path, out\_path, key, metadata): ...
def get\_name(): return "AES-GCM"
```
---
### Phase 2: PacShare - Reimplementation
/encrypt Route Flow
[] JS submits (PacShare "Form"):
⦁ File
⦁ pickup_password (for metadata)
⦁ encryption_password (for file)
⦁ encryption_mode
⦁ 2FA token code / Yubi/Passkey set up
[] Python logic:
⦁ Encrypt file using selected algo + encryption_password
⦁ Generate metadata dict:
⦁ filename, enc_mode, pickup_hash, timestamp, optional 2FA
⦁ Encrypt metadata using AES-GCM derived from pickup_password
⦁ Save .enc and .meta files
⦁ Generate random file_id
⦁ Return /pickup/<file_id> link
---
### Phase 2: PacShare - Reimplementation
/encrypt Route Flow
- [ ] JS submits (PacShare "Form"):
- File
- pickup_password (for metadata)
- encryption_password (for file)
- encryption_mode
- 2FA token code / Yubi/Passkey set up
- [ ] Python logic:
- Encrypt file using selected algo + encryption_password
- Generate metadata dict:
- filename, enc_mode, pickup_hash, timestamp, optional 2FA
- Encrypt metadata using AES-GCM derived from pickup_password
- Save .paccrypt and .meta files
- Generate random file_id
- Return /pickup/<file_id> link
> Both passwords are required. One reveals the mode + metadata, the other decrypts the file.
---
##### /pickup/<file_id> Route Flow
[] Prompt for pickup_password
[] Decrypt .meta and validate hash
[] Show original filename, prompt for encryption_password
[] Load correct module, decrypt file
[] Offer file download
- [ ] Prompt for pickup_password
- [ ] Decrypt .meta and validate hash
- [ ] Show original filename, prompt for encryption_password
- [ ] Load correct module, decrypt file
- [ ] Offer file download
---
##### Metadata Structure (Encrypted JSON)
```
"filename": "report.pdf",
"enc\_mode": "aes\_gcm",
@@ -93,11 +129,17 @@ def get\_name(): return "AES-GCM"
"2fa\_seed": "base32string", // optional
"yubi\_token\_hash": "sha256", // optional
```
> Stored as .meta
> Encrypted with AES-GCM using key from pickup\_password
---
### Phase 3: External API Access (/api/*)
##### Endpoint Description
```
POST /api/encrypt Local-only file/text encryption (returns file/meta)
POST /api/ps-send Upload + encrypt + return pickup link (JSON)
@@ -105,95 +147,149 @@ POST /api/ps-pickup Provide pickup ID + passwords, return decrypted file
POST /api/decrypt Decrypt local .enc + .meta bundle
GET /api/version Return current version tag
```
> These endpoints must receive both passwords. Encryption password is never saved.
---
### Phase 4: CLI Tool (Offline and API Hybrid)
[] Create PacCrypt-CLI repo
[] paccrypt-cli command
[] Local encrypt/decrypt support
[] Support:
[] --share-api to change api address (in case user is self hosting PacCrypt-Webapp)
⦁ Default api from https://paccrypt.unnaturalll.dev/
[] --share to upload via /api/ps-send
[] --pickup <id> to download + decrypt via /api/ps-pickup
Always require (Send + Pickup)
[] --method (to define encryption type)
[] --pickup-password
[] --encryption-password
- [ ] Create PacCrypt-CLI repo
- [ ] paccrypt-cli command
- [ ] Local encrypt/decrypt support
##### Support:
- [ ] --share-api to change api address (in case user is self hosting PacCrypt-Webapp)
- Default api from https://paccrypt.unnaturalll.dev/
- [ ] --share to upload via /api/ps-send
- [ ] --pickup <id> to download + decrypt via /api/ps-pickup
##### Always require (Send + Pickup)
- [ ] --method (to define encryption type)
- [ ] --pickup-password
- [ ] --encryption-password
Optional (Send + Pickup)
[] 2FA Token
⦁ No Yubi or passkey support for API calls
[] --help (Shows command usage)
[] CLI PacMan like mini game (LOW PRIORITY)
- [ ] 2FA Token
- No Yubi or passkey support for API calls
- [ ] --help (Shows command usage)
- [ ] CLI PacMan like mini game (LOW PRIORITY)
---
### Phase 5: Local GUI Applications
##### Linux (First)
[] PyQt6 or GTK
[] Same features as the Webapp
[] Support for PacShare through API calls
⦁ Default https://paccrypt.unnaturalll.dev/
⦁ User changeable if the webapp is self hosted
[] Text Encryption / Decryption mode
[] Text Password
[] Text input / output
[] PS Mode selector
[] PS File Uploader
[] PS Pickup Password
[] PS Encryption / Decryption password
[] PS 2FA Token support
⦁ No Yubi/Passkey support for API calls
[] PS error message if devices is offline or server can't be reached
[] KDE Dolphin context integration (right-click → encrypt | decrypt | share - share opens the paccrypt gui with the file already staged)
- [ ] PyQt6 or GTK
- [ ] Same features as the Webapp
- [ ] Support for PacShare through API calls
- Default https://paccrypt.unnaturalll.dev/
- User changeable if the webapp is self hosted
- [ ] Text Encryption / Decryption mode
- [ ] Text Password
- [ ] Text input / output
- [ ] PacShare Mode selector
- [ ] PacShare File Uploader
- [ ] PacShare Pickup Password
- [ ] PacShare Encryption / Decryption password
- [ ] PacShare 2FA Token support
- No Yubi/Passkey support for API calls
- [ ] PacShare error message if devices is offline or server can't be reached
- [ ] KDE Dolphin context integration (right-click → encrypt | decrypt | share - share opens the paccrypt gui with the file already staged)
##### Android
[] Kivy or BeeWare
[] Same features as the Webapp
[] Support for PacShare through API calls
⦁ Default https://paccrypt.unnaturalll.dev/
⦁ User changeable if the webapp is self hosted
[] Text Encryption / Decryption mode
[] Text Password
[] Text input / output
[] PS Mode selector
[] PS File Uploader
[] PS Pickup Password
[] PS Encryption / Decryption password
[] PS 2FA Token support
⦁ No Yubi/Passkey support for API calls
[] PS error message if devices is offline or server can't be reached
- [ ] Kivy or BeeWare
- [ ] Same features as the Webapp
- [ ] Support for PacShare through API calls
- Default https://paccrypt.unnaturalll.dev/
- User changeable if the webapp is self hosted
- [ ] Text Encryption / Decryption mode
- [ ] Text Password
- [ ] Text input / output
- [ ] PS Mode selector
- [ ] PS File Uploader
- [ ] PS Pickup Password
- [ ] PS Encryption / Decryption password
- [ ] PS 2FA Token support
- No Yubi/Passkey support for API calls
- [ ] PS error message if devices is offline or server can't be reached
> No <ins>Windows</ins> support for a application, only webapp, and maybe CLI support.
`Linux master race`
---
### PacShare File Format
```
pacshare/
├── <file_id>pdf/jpeg/etc.paccrypt # Encrypted binary file
└── <file_id>meta.paccrypt # Encrypted metadata
```
---
### Development Order
0. [] Phase 0 Tasks
1. [] paccrypt_algos/ + aes_gcm.py
2. [] app.py routes: /encrypt, /pickup/<id>
3. [] Add /decrypt route
4. [] Build metadata encryption helpers
5. [] Finish other engine modules
6. [] Build /api/* equivalents
7. [] Update README.md with all changed to the webapp.
8. [] Create a new installation guide.
9. [] Build CLI
10. [] Test CLI with --pickup + --share
12. [] Build GUI app on Linux
13. [] Test GUI app on Linux
14. [] Build GUI app on Android
15. [] Test GUI app on Android
16. [] Finilize all releases and push to main.
17. [] Create Wiki
0. - [ ] Phase 0 Tasks
1. - [ ] paccrypt_algos/ + aes_gcm.py
2. - [ ] app.py routes: /encrypt, /pickup/<id>
3. - [ ] Add /decrypt route
4. - [ ] Build metadata encryption helpers
5. - [ ] Finish other engine modules
6. - [ ] Build /api/* equivalents
7. - [ ] Update README.md with all changed to the webapp.
8. - [ ] Create a new installation guide.
9. - [ ] Build CLI
10. - [ ] Test CLI with --pickup + --share
12. - [ ] Build GUI app on Linux
13. - [ ] Test GUI app on Linux
14. - [ ] Build GUI app on Android
15. - [ ] Test GUI app on Android
16. - [ ] Finilize all releases and push to main.
17. - [ ] Create Wiki
---
### Draft tree for webapp
```
paccrypt-webapp/
├── static/