PacCrypt-Webapp/ROADMAP.md
2025-08-06 20:14:49 -10:00


Important

Make the encryption library code fully modular, ensure metadata is stored as encrypted hashes for PacShare, revamp PacShare's secure file send and pickup, and create a CLI and local application (Linux and Android).


Phase 0

  • Remove docker files (Dropping official docker support)

  • Update README.md to be current.

  • Add roadmap.md to repo

  • Create /application_data/ folder (for server settings, admin login and creds)

  • Create scripts folder in /application_data/

  • Create /paccrypt_algos/ folder

  • Build better start, stop and restart scripts for both prod and dev (Linux only)

  • Add a button in the admin panel to switch to and from prod and dev modes - Saving for UI Revamp

Phase 1: app.py - Modular Python Web App

app.py Responsibilities
  • Flask app + routing

  • Handle:

  • /encrypt

  • /decrypt

  • /pickup/<file_id>

  • Receive:

  • File or text

  • pickup_password (required)

  • encryption_password (required)

  • encryption_mode

  • Encrypt metadata using pickup password

  • Encrypt file using encryption password

  • Dynamically load correct engine via decrypted metadata

  • Save .enc + .meta, return pickup link

  • Revamp the PacMan-like mini game logic (LOW PRIORITY)

  • Revamp the PacMan-like mini game base (LOW PRIORITY)


/paccrypt_algos/ - Modular Crypto Engines
  • Create folder + interface

  • Remove basic cypher

Implement engines:

  • aes_gcm.py

  • aes_cbc.py

  • xchacha.py

  • rsa_hybrid.py

  • PQCrypt_hybrid.py (Testing)

  • Each must expose:

def encrypt_text(text, key, metadata): ...
def decrypt_text(ciphertext, key, metadata): ...
def encrypt_file(in_path, out_path, key, metadata): ...
def decrypt_file(in_path, out_path, key, metadata): ...
def get_name(): return "AES-GCM"
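
An added example, not code from the PacCrypt repository: one way to implement "dynamically load correct engine via decrypted metadata" so that the `enc_mode` string is checked against a fixed allow-list before it reaches `importlib`, and the loaded module is checked against the five-function interface above. `ALLOWED_ENGINES`, `REQUIRED_API`, `EngineError`, `load_engine` and the stub installer are hypothetical names; the stub modules are constructed stand-ins so the block runs without the real package.

```python
import importlib
import sys
import types

# Engine names from the roadmap's list. The post-quantum engine is left out
# because the page names its file two ways (PQCrypt_hybrid / kyber_hybrid).
ALLOWED_ENGINES = frozenset({"aes_gcm", "aes_cbc", "xchacha", "rsa_hybrid"})
REQUIRED_API = ("encrypt_text", "decrypt_text", "encrypt_file",
                "decrypt_file", "get_name")


class EngineError(Exception):
    """Raised when enc_mode is unknown or the module breaks the interface."""


def load_engine(enc_mode):
    """Map the enc_mode value from decrypted metadata to an engine module."""
    # Exact-match allow-list first: dotted paths, path fragments, other
    # casings and non-strings are refused before any import is attempted.
    if not isinstance(enc_mode, str) or enc_mode not in ALLOWED_ENGINES:
        raise EngineError(f"unsupported enc_mode: {enc_mode!r}")
    module = importlib.import_module(f"paccrypt_algos.{enc_mode}")
    missing = [n for n in REQUIRED_API if not callable(getattr(module, n, None))]
    if missing:
        raise EngineError(f"{enc_mode} is missing {', '.join(missing)}")
    return module


def _install_stub(name, complete=True):
    """Constructed stand-in module so the example runs offline."""
    pkg = sys.modules.setdefault("paccrypt_algos", types.ModuleType("paccrypt_algos"))
    mod = types.ModuleType(f"paccrypt_algos.{name}")
    mod.get_name = lambda: name.upper().replace("_", "-")
    if complete:
        for fn in REQUIRED_API[:-1]:
            setattr(mod, fn, lambda *args, **kwargs: NotImplemented)
    sys.modules[mod.__name__] = mod
    setattr(pkg, name, mod)


_install_stub("aes_gcm")                  # exposes the full interface
_install_stub("aes_cbc", complete=False)  # only get_name(): must be rejected
```
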

Phase 2: PacShare - Reimplementation

/encrypt Route Flow

  • JS submits (PacShare "Form"):

  • File

  • pickup_password (for metadata)

  • encryption_password (for file)

  • encryption_mode

  • 2FA token code / Yubi/Passkey set up

  • Python logic:

  • Encrypt file using selected algo + encryption_password

  • Generate metadata dict:

  • filename, enc_mode, pickup_hash, timestamp, optional 2FA

  • Encrypt metadata using AES-GCM derived from pickup_password

  • Save .paccrypt and .meta files

  • Generate random file_id

  • Return /pickup/<file_id> link

Important

Both passwords are required. One reveals the mode + metadata, the other decrypts the file.


/pickup/<file_id> Route Flow
  • Prompt for pickup_password

  • Decrypt .meta and validate hash

  • Show original filename, prompt for encryption_password

  • Load correct module, decrypt file

  • Offer file download


Metadata Structure (Encrypted JSON)
{
  "filename": "report.pdf",
  "enc_mode": "aes_gcm",
  "pickup_hash": "<argon2>",
  "created_at": "2025-08-05T18:00Z",
  "2fa_seed": "base32string",  // optional
  "yubi_token_hash": "sha256"  // optional
}

Note

Stored as .meta, encrypted with AES-GCM using a key derived from pickup_password
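
An added example, not code from the PacCrypt repository: a metadata helper that seals the JSON above with AES-GCM under a key derived from `pickup_password`, and returns `None` on any failure at pickup. Assumptions: the third-party `cryptography` package is installed, stdlib scrypt stands in for the key derivation (the roadmap does not name one for this key), and the `MAGIC | salt | nonce | ciphertext` layout and the use of `file_id` as associated data are choices made for this sketch.

```python
import hashlib
import json
import os
from typing import Optional

from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

MAGIC = b"PSM1"              # hypothetical format tag for this sketch
SALT_LEN, NONCE_LEN = 16, 12
SAMPLE_META = {"filename": "report.pdf", "enc_mode": "aes_gcm",
               "created_at": "2025-08-05T18:00Z"}   # constructed sample


def _kdf(pickup_password: str, salt: bytes) -> bytes:
    # scrypt is a stand-in; a fresh salt per file gives a fresh key per file.
    return hashlib.scrypt(pickup_password.encode(), salt=salt,
                          n=2**14, r=8, p=1, dklen=32)


def seal_metadata(meta: dict, pickup_password: str, file_id: str) -> bytes:
    """Return .meta bytes: MAGIC | salt | nonce | ciphertext+tag."""
    salt, nonce = os.urandom(SALT_LEN), os.urandom(NONCE_LEN)
    plaintext = json.dumps(meta, sort_keys=True).encode()
    # file_id as associated data: a .meta blob copied under another
    # pickup link fails authentication (assumption of this sketch).
    ct = AESGCM(_kdf(pickup_password, salt)).encrypt(
        nonce, plaintext, file_id.encode())
    return MAGIC + salt + nonce + ct


def open_metadata(blob: bytes, pickup_password: str,
                  file_id: str) -> Optional[dict]:
    """Return the metadata dict, or None on any failure (single error path)."""
    head = len(MAGIC) + SALT_LEN + NONCE_LEN
    if len(blob) < head + 16 or not blob.startswith(MAGIC):
        return None
    salt = blob[len(MAGIC):len(MAGIC) + SALT_LEN]
    nonce = blob[len(MAGIC) + SALT_LEN:head]
    try:
        plaintext = AESGCM(_kdf(pickup_password, salt)).decrypt(
            nonce, blob[head:], file_id.encode())
    except InvalidTag:
        return None          # wrong password, wrong file_id, or modified file
    return json.loads(plaintext)
```

Because the GCM tag already fails on a wrong pickup password, the caller can treat `None` as "not found or wrong password" without revealing which.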


Phase 3: External API Access (/api/*)

| Endpoint | Description |
|---|---|
| POST /api/encrypt | Local-only file/text encryption (returns file/meta) |
| POST /api/ps-send | Upload + encrypt + return pickup link (JSON) |
| POST /api/ps-pickup | Provide pickup ID + passwords, return decrypted file |
| POST /api/decrypt | Decrypt local .enc + .meta bundle |
| GET /api/version | Return current version tag |

Note

These endpoints must receive both passwords. Encryption password is never saved.


Phase 4: CLI Tool (Offline and API Hybrid)

  • Create PacCrypt-CLI repo

  • paccrypt-cli command

  • Local encrypt/decrypt support

Support:
  • --share-api to change api address (in case user is self hosting PacCrypt-Webapp)

  • Default api from https://paccrypt.unnaturalll.dev/

  • --share to upload via /api/ps-send

  • --pickup to download + decrypt via /api/ps-pickup

Always require (Send + Pickup)
  • --method (to define encryption type)

  • --pickup-password

  • --encryption-password

Optional (Send + Pickup)

  • 2FA Token

  • No Yubi or passkey support for API calls

  • --help (Shows command usage)

  • CLI PacMan like mini game (LOW PRIORITY)


Phase 5: Local GUI Applications

Linux (First)
  • PyQt6 or GTK

  • Same features as the Webapp

  • Support for PacShare through API calls

  • Default https://paccrypt.unnaturalll.dev/

  • User changeable if the webapp is self hosted

  • Text Encryption / Decryption mode

  • Text Password

  • Text input / output

  • PacShare Mode selector

  • PacShare File Uploader

  • PacShare Pickup Password

  • PacShare Encryption / Decryption password

  • PacShare 2FA Token support

  • No Yubi/Passkey support for API calls

  • PacShare error message if the device is offline or the server can't be reached

  • KDE Dolphin context integration (right-click → encrypt | decrypt | share - share opens the paccrypt gui with the file already staged)

Android
  • Kivy or BeeWare

  • Same features as the Webapp

  • Support for PacShare through API calls

  • Default https://paccrypt.unnaturalll.dev/

  • User changeable if the webapp is self hosted

  • Text Encryption / Decryption mode

  • Text Password

  • Text input / output

  • PS Mode selector

  • PS File Uploader

  • PS Pickup Password

  • PS Encryption / Decryption password

  • PS 2FA Token support

  • No Yubi/Passkey support for API calls

  • PS error message if the device is offline or the server can't be reached

Important

No Windows support for an application, only the webapp, and maybe CLI support.

Linux master race


PacShare File Format

pacshare/
├── <file_id>pdf/jpeg/etc.paccrypt      # Encrypted binary file
└── <file_id>meta.paccrypt		# Encrypted metadata

Development Order

    • Phase 0 Tasks
    • paccrypt_algos/ + aes_gcm.py
    • app.py routes: /encrypt, /pickup/
    • Add /decrypt route
    • Build metadata encryption helpers
    • Finish other engine modules
    • Build /api/* equivalents
    • Update README.md with all changes to the webapp.
    • Create a new installation guide.
    • Build CLI
    • Test CLI with --pickup + --share
    • Build GUI app on Linux
    • Test GUI app on Linux
    • Build GUI app on Android
    • Test GUI app on Android
    • Finalize all releases and push to main.
    • Create Wiki

Draft tree for webapp

paccrypt-webapp/
├── static/
│   ├── audio/
│   │   └── chomp.mp3
│   ├── css/
│   │   └── styles.css
│   ├── fonts/
│   │   └── PressStart2P-Regular.ttf
│   ├── img/
│   │   ├── Github_logo.png
│   │   ├── PacCrypt.png
│   │   ├── PacCrypt_W-Background.png
│   │   ├── PacCrypt_W-Backgroud_Name.png
│   │   ├── PacCrypt_W-Name.png
│   │   └── sitemap.png <-- **Change img**
│   └── js/ <-- **Pending changes**
│       ├── encryption.js
│       ├── fileops.js
│       ├── main.js
│       ├── pacman.js
│       └── ui.js
├── templates/
│   ├── 403.html
│   ├── 404.html
│   ├── 500.html
│   ├── admin.html
│   ├── admin_login.html
│   ├── admin_settings.html
│   ├── admin_setup.html
│   ├── index.html
│   └── pickup.html
├── application_data/ <-- *New*
│   ├── scripts/ <-- *New*
│   │   ├── start_dev <-- *Moved*
│   │   ├── start_prod <-- *Moved*
│   │   ├── restart_dev <-- *New*
│   │   ├── restart_prod <-- *New*
│   │   └── stop <-- *New*
│   ├── settings.json <-- *Moved*
│   ├── requirements.txt <-- *Moved*
│   ├── admin_cred <-- **Generated once admin is setup** / *Moved*
│   └── admin_hash <-- **Generated once admin is setup** / *Moved*
├── paccrypt_algos/ <-- *New*
│   ├── aes_gcm.py <-- *New*
│   ├── aes_cbc.py <-- *New*
│   ├── xchacha.py <-- *New*
│   ├── rsa_hybrid.py <-- *New*
│   └── kyber_hybrid.py <-- *New*
├── pacshare/ <-- **Generated at time of first PacShare upload, location customizable** / *New*
│   ├── <file_id>pdf/jpeg/etc.paccrypt <-- **Encrypted binary file** / *Moved*
│   └── <file_id>meta.paccrypt <-- **Encrypted metadata** / *Moved*
├── README.md <-- **Needs Updated**
├── ROADMAP.md
├── LICENSE <-- *New*
└── app.py