TySS-Dev/PacCrypt-Webapp
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
9ec15d62ef1a3368ff5262f55352caeb576acf36
PacCrypt-Webapp/ROADMAP.md
T
Tyler a9022bb5e3 Merging dev into main
2026-04-20 00:54:02 -04:00

10 KiB
Raw Blame History

Important

Fully modular code for encryption libraries, ensure metadata is stored as encrypted hashs for PacShare, Revamp PacShares secure file send and pickup, and create a CLI and local application (Linux and Android).

Phase 0

  • Remove docker files (Dropping official docker support)

  • Readd docker support

  • Update README.md to be current.

  • Add roadmap.md to repo

  • Create /application_data/ folder (for server settings, admin login and creds)

  • Create scripts folder in /application_data/

  • Create /paccrypt_algos/ folder

  • Builder better start, stop and restart scripts both prod and dev (Cross-platform: Windows & Linux)

  • Add a button in the admin panel to switch to and from prod and dev modes - COMPLETED: /admin-switch-dev-mode and /admin-switch-prod-mode endpoints implemented

Phase 1: app.py - Modular Python Web App

app.py Responsibilities

  • Flask app + routing

  • Handle:

  • /encrypt (via API endpoints)

  • /decrypt (via API endpoints)

  • /pickup/<file_id>

  • Receive:

  • File or text

  • pickup_password (required)

  • encryption_password (required)

  • encryption_mode (algorithm selection implemented)

  • Encrypt metadata using pickup password

  • Encrypt file using encryption password

  • Dynamically load correct engine via decrypted metadata

  • Save .encrypted + .json metadata, return pickup link

  • Update PacMan like mini game logic revamp "(LOW PRIORITY)"

  • Update PacMan like mini game base revamp "(LOW PRIORITY)"

/paccrypt_algos/ - Modular Crypto Engines

  • Create folder + interface

  • Remove basic cypher

Implement engines:

  • aes_gcm.py

  • aes_cbc.py

  • xchacha.py

  • rsa_hybrid.py

  • PQCrypt_hybrid.py (Testing) REMOVED: Post-quantum crypto removed for simplicity

  • Each must expose:

def encrypt_text(text, key): ...
def decrypt_text(ciphertext, key): ...
def encrypt_file(in_path, out_path, key): ...
def decrypt_file(in_path, out_path, key): ...
def generate_key_pair(): ... (for RSA hybrid)

COMPLETED: All modules implemented with correct API

Phase 2: PacShare - Reimplementation

/encrypt Route Flow

  • JS submits (PacShare "Form"):

  • File

  • pickup_password (for metadata)

  • encryption_password (for file)

  • encryption_mode

  • 2FA TOTP setup (Yubi/Passkey not implemented)

  • Python logic:

  • Encrypt file using selected algo + encryption_password

  • Generate metadata dict:

  • filename, enc_mode, pickup_hash, timestamp, optional 2FA

  • Encrypt metadata using AES-GCM derived from pickup_password

  • Save .{algorithm}.encrypted and .json files

  • Generate random file_id

  • Return /pickup/<file_id> link

Important

Both passwords are required. One reveals the mode + metadata, the other decrypts the file.

/pickup/<file_id> Route Flow

  • Prompt for pickup_password

  • Decrypt .json metadata and validate hash

  • Show original filename, prompt for encryption_password

  • Load correct module, decrypt file

  • Offer file download

Metadata Structure (Encrypted JSON)
"filename": "report.pdf",
"algorithm": "aes_cbc",
"pickup_password": "<sha256>",
"created_at": "2025-08-05T18:00Z",
"require_2fa": true,  // optional
"totp_secret": "base32string",  // optional
"service_name": "PacCrypt File: report.pdf..."  // optional

Note

Stored as .json Encrypted with AES-GCM using key derived from pickup_password COMPLETED: Metadata encryption implemented

Phase 3: External API Access (/api/*)

Endpoint Description
✅ GET /api/algorithms        List available encryption algorithms
✅ POST /api/generate-keypair Generate RSA key pairs  
✅ POST /api/encrypt          File/text encryption (returns encrypted data)
✅ POST /api/decrypt          File/text decryption  
✅ POST /api/pacshare         Upload + encrypt + return pickup link (JSON)
❌ POST /api/ps-pickup        Provide pickup ID + passwords, return decrypted file (Use web interface)
❌ GET /api/version           Return current version tag (Not implemented)

Note

COMPLETED: Core API endpoints implemented Pickup is handled via web interface at /pickup/<file_id> Encryption password is never saved server-side

Phase 4: CLI Tool (Offline and API Hybrid)

  • Create PacCrypt-CLI repo

  • paccrypt-cli command

  • Local encrypt/decrypt support

Support:

  • --share-api to change api address (in case user is self hosting PacCrypt-Webapp)

  • Default api from https://paccrypt.unnaturalll.dev/

  • --share to upload via /api/ps-send

  • --pickup to download + decrypt via /api/ps-pickup

Always require (Send + Pickup)

  • --method (to define encryption type)

  • --pickup-password

  • --encryption-password

Optional (Send + Pickup)

  • 2FA Token

  • No Yubi or passkey support for API calls

  • --help (Shows command usage)

  • CLI PacMan like mini game (LOW PRIORITY)

Phase 5: Local GUI Applications

Linux (First)

  • PyQt6 or GTK

  • Same features as the Webapp

  • Support for PacShare through API calls

  • Default https://paccrypt.unnaturalll.dev/

  • User changeable if the webapp is self hosted

  • Text Encryption / Decryption mode

  • Text Password

  • Text input / output

  • PacShare Mode selector

  • PacShare File Uploader

  • PacShare Pickup Password

  • PacShare Encryption / Decryption password

  • PacShare 2FA Token support

  • No Yubi/Passkey support for API calls

  • PacShare error message if devices is offline or server can't be reached

  • KDE Dolphin context integration (right-click → encrypt | decrypt | share - share opens the paccrypt gui with the file already staged)

Android

  • Kivy or BeeWare

  • Same features as the Webapp

  • Support for PacShare through API calls

  • Default https://paccrypt.unnaturalll.dev/

  • User changeable if the webapp is self hosted

  • Text Encryption / Decryption mode

  • Text Password

  • Text input / output

  • PS Mode selector

  • PS File Uploader

  • PS Pickup Password

  • PS Encryption / Decryption password

  • PS 2FA Token support

  • No Yubi/Passkey support for API calls

  • PS error message if devices is offline or server can't be reached

Important

No Windows support for a application, only webapp, and maybe CLI support.

Linux master race

PacShare File Format COMPLETED

pacshare/
├── <file_id>.<algorithm>.encrypted     # Encrypted binary file  
└── <file_id>.json                      # Encrypted metadata (JSON)

Current Implementation:

  • Files are stored as .{algorithm}.encrypted (e.g., .aes_cbc.encrypted)
  • Metadata stored as .json files with encrypted content
  • Algorithm info embedded in filename for automatic detection

Development Order

    • Phase 0 Tasks
    • paccrypt_algos/ + aes_gcm.py
    • app.py routes: /encrypt, /pickup/
    • Add /decrypt route
    • Build metadata encryption helpers
    • Finish other engine modules
    • Build /api/ equivalents*
    • Update README.md with all changes to the webapp
    • Create a new installation guide (Included in README.md)
    • Build CLI Next Priority
    • Test CLI with --pickup + --share
    • Build GUI app on Linux
    • Test GUI app on Linux
    • Build GUI app on Android
    • Test GUI app on Android
    • Finalize all releases and push to main
    • Create Wiki

🎉 WEBAPP CORE COMPLETE! 🎉

Current Status: All core webapp functionality implemented including:

  • Modular encryption engines (AES-GCM, AES-CBC, XChaCha20, RSA Hybrid)
  • Complete API with documentation
  • PacShare file sharing with 2FA support
  • Admin panel with full management features
  • Cross-platform deployment scripts
  • Comprehensive documentation

Current Webapp Structure COMPLETED

PacCrypt-Webapp/
├── app.py                          # Main Flask application ✅
├── README.md                       # Updated documentation ✅
├── ROADMAP.md                     # This file ✅
├── API.md                         # API documentation ✅ *NEW*
├── LICENSE                        # MIT License ✅
├── application_data/ ✅            # Application configuration
│   ├── control_scripts/ ✅         # Server management scripts
│   │   ├── start_dev.py ✅        # Development mode starter
│   │   ├── start_prod.py ✅       # Production mode starter
│   │   ├── restart_dev.py ✅      # Development restart
│   │   ├── restart_prod.py ✅     # Production restart
│   │   └── stop.py ✅             # Server stop script
│   ├── requirements.txt ✅        # Python dependencies
│   ├── settings.json ✅          # Application settings
│   ├── admin_creds.json ✅       # Encrypted admin credentials
│   ├── admin_key.key ✅         # Admin encryption key
│   └── admin_logs.enc ✅        # Encrypted audit logs
├── paccrypt_algos/ ✅              # Encryption modules
│   ├── __init__.py ✅             # Package initialization
│   ├── aes_cbc.py ✅             # AES-CBC implementation
│   ├── aes_gcm.py ✅             # AES-GCM implementation
│   ├── xchacha.py ✅             # XChaCha20-Poly1305
│   └── rsa_hybrid.py ✅          # RSA hybrid encryption
├── pacshare/ ✅                    # File upload storage
│   ├── *.{algorithm}.encrypted ✅  # Encrypted uploaded files
│   └── *.json ✅                  # File metadata
├── templates/ ✅                   # HTML templates
│   ├── index.html ✅              # Main interface
│   ├── pickup.html ✅             # File pickup page
│   ├── admin*.html ✅             # Admin panel pages
│   └── error pages (403,404,500) ✅
└── static/ ✅                     # Static assets
    ├── css/styles.css ✅          # Application styling
    ├── js/ ✅                     # JavaScript modules
    ├── img/ ✅                    # Images and icons
    ├── fonts/ ✅                  # Custom fonts
    └── audio/ ✅                  # Sound effects

🏆 PROJECT STRUCTURE FULLY IMPLEMENTED 🏆

Reference in New Issue View Git Blame Copy Permalink