TySS-Dev/PacCrypt-Webapp
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
022a1e7aaf70771668219584e0d06c19006f94b9
PacCrypt-Webapp/ROADMAP.md
T
Tyler 022a1e7aaf Create ROADMAP.md
2025-08-06 12:27:53 -10:00

8.1 KiB
Raw Blame History

Fully modular code for encryption libraries, ensure metadata is stored as encrypted hashs for PacShare, Revamp PacShares secure file send and pickup, and create a CLI and local application (Linux and Android).

Draft tree for webapp

paccrypt-webapp/ ├── static/ │ ├── audio/ │ │ └── chomp.mp3 │ ├── css/ │ │ └── styles.css │ ├── fonts/ │ │ └── PressStart2P-Regular.ttf │ ├── img/ │ │ ├── Github_logo.png │ │ ├── PacCrypt.png │ │ ├── PacCrypt_W-Background.png │ │ ├── PacCrypt_W-Backgroud_Name.png │ │ ├── PacCrypt_W-Name.png │ │ └── sitemap.png <-- Change img │ └── js/ <-- Pending changes │ ├── encryption.js │ ├── fileops.js │ ├── main.js │ ├── pacman.js │ └── ui.js ├── templates/ │ ├── 403.html │ ├── 404.html │ ├── 500.html │ ├── admin.html │ ├── admin_login.html │ ├── admin_settings.html │ ├── admin_setup.html │ ├── index.html │ └── pickup.html ├── application_data/ <-- New │ ├── scripts/ <-- New │ │ ├── start_dev <-- Moved │ │ ├── start_prod <-- Moved │ │ ├── restart_dev <-- New │ │ ├── restart_prod <-- New │ │ └── stop <-- New │ ├── settings.json <-- Moved │ ├── requirements.txt <-- Moved │ ├── admin_cred <-- Generated once admin is setup / Moved │ └── admin_hash <-- Generated once admin is setup / Moved ├── paccrypt_algos/ <-- New │ ├── aes_gcm.py <-- New │ ├── aes_cbc.py <-- New │ ├── xchacha.py <-- New │ ├── rsa_hybrid.py <-- New │ └── kyber_hybrid.py <-- New ├── pacshare/ <-- Generated at time of first PacShare upload, location customizable / New │ ├── <file_id>pdf/jpeg/etc.paccrypt <-- Encrypted binary file / Moved │ └── <file_id>meta.paccrypt <-- Encrypted metadata / Moved ├── README.md <-- Needs Updated ├── ROADMAP.md ├── LICENSE <-- New └── app.py

Phase 0

[] Remove docker files (Dropping official docker support)

[] Update README.md to be current.

[x] Add roadmap.md to repo

[] Create /application_data/ folder (for server settings, admin login and creds)

[] Create scripts folder in /application_data/

[] Create /paccrypt_algos/ folder

[] Builder better start, stop and restart scripts both prod and dev (Universal)

[] Add a button in the admin panel to switch to and from prod and dev modes

Phase 1: app.py - Modular Python Web App

app.py Responsibilities

[] Flask app + routing

[] Handle: ⦁ /encrypt ⦁ /decrypt ⦁ /pickup/<file_id>

[] Receive: ⦁ File or text ⦁ pickup_password (required) ⦁ encryption_password (required) ⦁ encryption_mode [] Encrypt metadata using pickup password [] Encrypt file using encryption password [] Dynamically load correct engine via decrypted metadata [] Save .enc + .meta, return pickup link [] Update PacMan like mini game logic revamp "(LOW PRIORITY)" [] Update PacMan like mini game base revamp "(LOW PRIORITY)"

/paccrypt_algos/ - Modular Crypto Engines

[] Create folder + interface [] Remove basic cypher Implement engines: [] aes_gcm.py [] aes_cbc.py [] xchacha.py [] rsa_hybrid.py [] kyber_hybrid.py (Testing) [] Each must expose: def encrypt\_text(text, key, metadata): ... def decrypt\_text(ciphertext, key, metadata): ... def encrypt\_file(in\_path, out\_path, key, metadata): ... def decrypt\_file(in\_path, out\_path, key, metadata): ... def get\_name(): return "AES-GCM"

Phase 2: PacShare - Reimplementation

/encrypt Route Flow [] JS submits (PacShare "Form"): ⦁ File ⦁ pickup_password (for metadata) ⦁ encryption_password (for file) ⦁ encryption_mode ⦁ 2FA token code / Yubi/Passkey set up

[] Python logic: ⦁ Encrypt file using selected algo + encryption_password ⦁ Generate metadata dict: ⦁ filename, enc_mode, pickup_hash, timestamp, optional 2FA ⦁ Encrypt metadata using AES-GCM derived from pickup_password ⦁ Save .enc and .meta files ⦁ Generate random file_id ⦁ Return /pickup/<file_id> link

Both passwords are required. One reveals the mode + metadata, the other decrypts the file.

/pickup/<file_id> Route Flow

[] Prompt for pickup_password [] Decrypt .meta and validate hash [] Show original filename, prompt for encryption_password [] Load correct module, decrypt file [] Offer file download

Metadata Structure (Encrypted JSON)

"filename": "report.pdf", "enc\_mode": "aes\_gcm", "pickup\_hash": "<argon2>", "created\_at": "2025-08-05T18:00Z", "2fa\_seed": "base32string", // optional "yubi\_token\_hash": "sha256", // optional

Stored as .meta Encrypted with AES-GCM using key from pickup_password

Phase 3: External API Access (/api/*)

Endpoint Description

POST /api/encrypt Local-only file/text encryption (returns file/meta) POST /api/ps-send Upload + encrypt + return pickup link (JSON) POST /api/ps-pickup Provide pickup ID + passwords, return decrypted file POST /api/decrypt Decrypt local .enc + .meta bundle GET /api/version Return current version tag

These endpoints must receive both passwords. Encryption password is never saved.

Phase 4: CLI Tool (Offline and API Hybrid)

[] Create PacCrypt-CLI repo [] paccrypt-cli command [] Local encrypt/decrypt support [] Support: [] --share-api to change api address (in case user is self hosting PacCrypt-Webapp) ⦁ Default api from https://paccrypt.unnaturalll.dev/ [] --share to upload via /api/ps-send [] --pickup to download + decrypt via /api/ps-pickup Always require (Send + Pickup) [] --method (to define encryption type) [] --pickup-password [] --encryption-password Optional (Send + Pickup) [] 2FA Token ⦁ No Yubi or passkey support for API calls [] --help (Shows command usage) [] CLI PacMan like mini game "(LOW PRIORITY)"

Phase 5: Local GUI Applications

Linux (First)

[] PyQt6 or GTK [] Same features as the Webapp [] Support for PacShare through API calls ⦁ Default https://paccrypt.unnaturalll.dev/ ⦁ User changeable if the webapp is self hosted [] Text Encryption / Decryption mode [] Text Password [] Text input / output [] PS Mode selector [] PS File Uploader [] PS Pickup Password [] PS Encryption / Decryption password [] PS 2FA Token support ⦁ No Yubi/Passkey support for API calls [] PS error message if devices is offline or server can't be reached [] KDE Dolphin context integration (right-click → encrypt | decrypt | share - share opens the paccrypt gui with the file already staged)

Android

[] Kivy or BeeWare [] Same features as the Webapp [] Support for PacShare through API calls ⦁ Default https://paccrypt.unnaturalll.dev/ ⦁ User changeable if the webapp is self hosted [] Text Encryption / Decryption mode [] Text Password [] Text input / output [] PS Mode selector [] PS File Uploader [] PS Pickup Password [] PS Encryption / Decryption password [] PS 2FA Token support ⦁ No Yubi/Passkey support for API calls [] PS error message if devices is offline or server can't be reached

No Windows support for a application, only webapp, and maybe CLI support. Linux master race

PacShare File Format

pacshare/ ├── <file_id>pdf/jpeg/etc.paccrypt # Encrypted binary file └── <file_id>meta.paccrypt # Encrypted metadata

Development Order

  1. [] Phase 0 Tasks
  2. [] paccrypt_algos/ + aes_gcm.py
  3. [] app.py routes: /encrypt, /pickup/
  4. [] Add /decrypt route
  5. [] Build metadata encryption helpers
  6. [] Finish other engine modules
  7. [] Build /api/* equivalents
  8. [] Update README.md with all changed to the webapp.
  9. [] Create a new installation guide.
  10. [] Build CLI
  11. [] Test CLI with --pickup + --share
  12. [] Build GUI app on Linux
  13. [] Test GUI app on Linux
  14. [] Build GUI app on Android
  15. [] Test GUI app on Android
  16. [] Finilize all releases and push to main.
  17. [] Create Wiki
Reference in New Issue View Git Blame Copy Permalink