Fully modular code for encryption libraries, ensure metadata is stored as encrypted hashes for PacShare, revamp PacShare's secure file send and pickup, and create a CLI and local application (Linux and Android).
Draft tree for webapp
```
paccrypt-webapp/
├── static/
│   ├── audio/
│   │   └── chomp.mp3
│   ├── css/
│   │   └── styles.css
│   ├── fonts/
│   │   └── PressStart2P-Regular.ttf
│   ├── img/
│   │   ├── Github_logo.png
│   │   ├── PacCrypt.png
│   │   ├── PacCrypt_W-Background.png
│   │   ├── PacCrypt_W-Backgroud_Name.png
│   │   ├── PacCrypt_W-Name.png
│   │   └── sitemap.png <-- Change img
│   └── js/ <-- Pending changes
│       ├── encryption.js
│       ├── fileops.js
│       ├── main.js
│       ├── pacman.js
│       └── ui.js
├── templates/
│   ├── 403.html
│   ├── 404.html
│   ├── 500.html
│   ├── admin.html
│   ├── admin_login.html
│   ├── admin_settings.html
│   ├── admin_setup.html
│   ├── index.html
│   └── pickup.html
├── application_data/ <-- New
│   ├── scripts/ <-- New
│   │   ├── start_dev <-- Moved
│   │   ├── start_prod <-- Moved
│   │   ├── restart_dev <-- New
│   │   ├── restart_prod <-- New
│   │   └── stop <-- New
│   ├── settings.json <-- Moved
│   ├── requirements.txt <-- Moved
│   ├── admin_cred <-- Generated once admin is setup / Moved
│   └── admin_hash <-- Generated once admin is setup / Moved
├── paccrypt_algos/ <-- New
│   ├── aes_gcm.py <-- New
│   ├── aes_cbc.py <-- New
│   ├── xchacha.py <-- New
│   ├── rsa_hybrid.py <-- New
│   └── kyber_hybrid.py <-- New
├── pacshare/ <-- Generated at time of first PacShare upload, location customizable / New
│   ├── <file_id>pdf/jpeg/etc.paccrypt <-- Encrypted binary file / Moved
│   └── <file_id>meta.paccrypt <-- Encrypted metadata / Moved
├── README.md <-- Needs Updated
├── ROADMAP.md
├── LICENSE <-- New
└── app.py
```
Phase 0
[] Remove docker files (Dropping official docker support)
[] Update README.md to be current.
[x] Add roadmap.md to repo
[] Create /application_data/ folder (for server settings, admin login and creds)
[] Create scripts folder in /application_data/
[] Create /paccrypt_algos/ folder
[] Build better start, stop and restart scripts for both prod and dev (Universal)
[] Add a button in the admin panel to switch to and from prod and dev modes
Phase 1: app.py - Modular Python Web App
app.py Responsibilities
[] Flask app + routing
[] Handle:
  ⦁ /encrypt
  ⦁ /decrypt
  ⦁ /pickup/<file_id>
[] Receive:
  ⦁ File or text
  ⦁ pickup_password (required)
  ⦁ encryption_password (required)
  ⦁ encryption_mode
[] Encrypt metadata using pickup password
[] Encrypt file using encryption password
[] Dynamically load correct engine via decrypted metadata
[] Save .enc + .meta, return pickup link
[] Update PacMan like mini game logic revamp "(LOW PRIORITY)"
[] Update PacMan like mini game base revamp "(LOW PRIORITY)"
/paccrypt_algos/ - Modular Crypto Engines
[] Create folder + interface
[] Remove basic cypher
Implement engines:
[] aes_gcm.py
[] aes_cbc.py
[] xchacha.py
[] rsa_hybrid.py
[] kyber_hybrid.py (Testing)
[] Each must expose:
```python
def encrypt_text(text, key, metadata): ...
def decrypt_text(ciphertext, key, metadata): ...
def encrypt_file(in_path, out_path, key, metadata): ...
def decrypt_file(in_path, out_path, key, metadata): ...
def get_name(): return "AES-GCM"
```
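One way to do the "dynamically load correct engine via decrypted metadata" step safely, shown as an added example rather than code from the PacCrypt repository. `load_engine`, `EngineError` and `stub_importer` are hypothetical names; the allowlist is taken from the engine files listed above, and the stub importer is a constructed stand-in for the real `paccrypt_algos` package so the block runs on its own.

```python
import importlib
import types

# Allowlist built from the engine files named in the roadmap.
ALLOWED_ENGINES = {"aes_gcm", "aes_cbc", "xchacha", "rsa_hybrid", "kyber_hybrid"}
REQUIRED = ("encrypt_text", "decrypt_text", "encrypt_file", "decrypt_file", "get_name")


class EngineError(ValueError):
    """Raised when enc_mode is not an approved engine or the module is incomplete."""


def load_engine(enc_mode, package="paccrypt_algos", importer=importlib.import_module):
    """Resolve enc_mode (read from decrypted metadata) to an engine module."""
    # Exact-match allowlist: values such as "os" or "../app" never reach the
    # importer, even though they arrived inside authenticated metadata.
    if not isinstance(enc_mode, str) or enc_mode not in ALLOWED_ENGINES:
        raise EngineError(f"unknown enc_mode: {enc_mode!r}")
    module = importer(f"{package}.{enc_mode}")
    # Enforce the interface every engine must expose before handing it out.
    missing = [name for name in REQUIRED if not callable(getattr(module, name, None))]
    if missing:
        raise EngineError(f"{enc_mode} is missing {missing}")
    return module


def stub_importer(dotted_name):
    """Constructed stand-in for the real package so the example runs offline."""
    mod = types.ModuleType(dotted_name)
    for name in REQUIRED[:-1]:
        setattr(mod, name, lambda *args, **kwargs: None)
    mod.get_name = lambda: "AES-GCM"
    return mod


if __name__ == "__main__":
    print(load_engine("aes_gcm", importer=stub_importer).get_name())
    try:
        load_engine("os", importer=stub_importer)
    except EngineError as exc:
        print("rejected:", exc)
```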
Phase 2: PacShare - Reimplementation
/encrypt Route Flow
[] JS submits (PacShare "Form"):
  ⦁ File
  ⦁ pickup_password (for metadata)
  ⦁ encryption_password (for file)
  ⦁ encryption_mode
  ⦁ 2FA token code / Yubi/Passkey set up
[] Python logic:
  ⦁ Encrypt file using selected algo + encryption_password
  ⦁ Generate metadata dict:
    ⦁ filename, enc_mode, pickup_hash, timestamp, optional 2FA
  ⦁ Encrypt metadata using AES-GCM with a key derived from pickup_password
  ⦁ Save .enc and .meta files
  ⦁ Generate random file_id
  ⦁ Return /pickup/<file_id> link
Both passwords are required. One reveals the mode + metadata, the other decrypts the file.
/pickup/<file_id> Route Flow
[] Prompt for pickup_password
[] Decrypt .meta and validate hash
[] Show original filename, prompt for encryption_password
[] Load correct module, decrypt file
[] Offer file download
Metadata Structure (Encrypted JSON)
```jsonc
{
  "filename": "report.pdf",
  "enc_mode": "aes_gcm",
  "pickup_hash": "<argon2>",
  "created_at": "2025-08-05T18:00Z",
  "2fa_seed": "base32string", // optional
  "yubi_token_hash": "sha256" // optional
}
```
Stored as .meta, encrypted with AES-GCM using a key derived from pickup_password.
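A sketch of the metadata helpers used by the /encrypt and /pickup flows, added here as an example and not taken from the PacCrypt code base. It assumes the `cryptography` package, scrypt as the key-derivation function (the roadmap does not name one for this key), a `salt || nonce || ciphertext+tag` blob layout, and binding `file_id` as associated data; `seal_metadata`, `open_metadata` and `derive_key` are hypothetical names.

```python
import hashlib
import json
import os
from typing import Optional

from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

SALT_LEN, NONCE_LEN, TAG_LEN = 16, 12, 16  # assumed blob layout, see lead-in


def derive_key(pickup_password: str, salt: bytes) -> bytes:
    # scrypt is an assumption; a fresh random salt per file means two files
    # sharing a pickup password still get different AES-256 keys.
    return hashlib.scrypt(pickup_password.encode(), salt=salt,
                          n=2**14, r=8, p=1, dklen=32)


def seal_metadata(meta: dict, pickup_password: str, file_id: str) -> bytes:
    """Encrypt the metadata dict into the bytes written to the .meta file."""
    salt, nonce = os.urandom(SALT_LEN), os.urandom(NONCE_LEN)
    key = derive_key(pickup_password, salt)
    plaintext = json.dumps(meta, sort_keys=True).encode()
    # file_id as associated data: a .meta blob copied under another id fails to open.
    return salt + nonce + AESGCM(key).encrypt(nonce, plaintext, file_id.encode())


def open_metadata(blob: bytes, pickup_password: str, file_id: str) -> Optional[dict]:
    """Return the metadata dict, or None for a wrong password or altered blob."""
    if len(blob) < SALT_LEN + NONCE_LEN + TAG_LEN:
        return None
    salt = blob[:SALT_LEN]
    nonce = blob[SALT_LEN:SALT_LEN + NONCE_LEN]
    key = derive_key(pickup_password, salt)
    try:
        plaintext = AESGCM(key).decrypt(nonce, blob[SALT_LEN + NONCE_LEN:],
                                        file_id.encode())
    except InvalidTag:  # wrong pickup_password, wrong file_id, or tampering
        return None
    return json.loads(plaintext)


if __name__ == "__main__":
    # Constructed sample metadata and ids, for illustration only.
    sample = {"filename": "report.pdf", "enc_mode": "aes_gcm"}
    blob = seal_metadata(sample, "pickup-pw", "abc123")
    print(open_metadata(blob, "pickup-pw", "abc123"))
    print(open_metadata(blob, "wrong-pw", "abc123"))
```

The GCM tag check fails for any wrong pickup password, so the caller learns the password was wrong before any field of the metadata, including `enc_mode`, is parsed.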
Phase 3: External API Access (/api/*)
| Endpoint | Description |
| --- | --- |
| POST /api/encrypt | Local-only file/text encryption (returns file/meta) |
| POST /api/ps-send | Upload + encrypt + return pickup link (JSON) |
| POST /api/ps-pickup | Provide pickup ID + passwords, return decrypted file |
| POST /api/decrypt | Decrypt local .enc + .meta bundle |
| GET /api/version | Return current version tag |
These endpoints must receive both passwords. Encryption password is never saved.
Phase 4: CLI Tool (Offline and API Hybrid)
[] Create PacCrypt-CLI repo
[] paccrypt-cli command
[] Local encrypt/decrypt support
[] Support:
  [] --share-api to change api address (in case user is self hosting PacCrypt-Webapp)
    ⦁ Default api from https://paccrypt.unnaturalll.dev/
  [] --share to upload via /api/ps-send
  [] --pickup to download + decrypt via /api/ps-pickup
  Always require (Send + Pickup)
  [] --method (to define encryption type)
  [] --pickup-password
  [] --encryption-password
  Optional (Send + Pickup)
  [] 2FA Token
    ⦁ No Yubi or passkey support for API calls
[] --help (Shows command usage)
[] CLI PacMan like mini game "(LOW PRIORITY)"
Phase 5: Local GUI Applications
Linux (First)
[] PyQt6 or GTK
[] Same features as the Webapp
[] Support for PacShare through API calls
  ⦁ Default https://paccrypt.unnaturalll.dev/
  ⦁ User changeable if the webapp is self hosted
[] Text Encryption / Decryption mode
[] Text Password
[] Text input / output
[] PS Mode selector
[] PS File Uploader
[] PS Pickup Password
[] PS Encryption / Decryption password
[] PS 2FA Token support
  ⦁ No Yubi/Passkey support for API calls
[] PS error message if device is offline or server can't be reached
[] KDE Dolphin context integration (right-click → encrypt | decrypt | share - share opens the paccrypt gui with the file already staged)
Android
[] Kivy or BeeWare
[] Same features as the Webapp
[] Support for PacShare through API calls
  ⦁ Default https://paccrypt.unnaturalll.dev/
  ⦁ User changeable if the webapp is self hosted
[] Text Encryption / Decryption mode
[] Text Password
[] Text input / output
[] PS Mode selector
[] PS File Uploader
[] PS Pickup Password
[] PS Encryption / Decryption password
[] PS 2FA Token support
  ⦁ No Yubi/Passkey support for API calls
[] PS error message if device is offline or server can't be reached
No Windows support for an application, only webapp, and maybe CLI support. Linux master race
PacShare File Format
```
pacshare/
├── <file_id>pdf/jpeg/etc.paccrypt # Encrypted binary file
└── <file_id>meta.paccrypt # Encrypted metadata
```
Development Order
- [] Phase 0 Tasks
- [] paccrypt_algos/ + aes_gcm.py
- [] app.py routes: /encrypt, /pickup/
- [] Add /decrypt route
- [] Build metadata encryption helpers
- [] Finish other engine modules
- [] Build /api/* equivalents
- [] Update README.md with all changes to the webapp.
- [] Create a new installation guide.
- [] Build CLI
- [] Test CLI with --pickup + --share
- [] Build GUI app on Linux
- [] Test GUI app on Linux
- [] Build GUI app on Android
- [] Test GUI app on Android
- [] Finalize all releases and push to main.
- [] Create Wiki