Setting Up a Secure File Sharing System From Your Home in 30 Minutes
Setting Up a Secure File Sharing System From Your Home in 30 Minutes
A member of the DZone community has created a free, open source secure file sharing system. Read on to learn more about it!
Join the DZone community and get the full member experience.Join For Free
Protect your applications against today's increasingly sophisticated threat landscape.
The ability to communicate in privacy, and privately share information with anyone you want to share information with, is a human right. It is ensured through the UN's human rights declaration, the American constitution, and the EU's laws in general. Unfortunately, our computers haven't been able to "catch up" on these facts just yet. Hence, I decided to create a cryptographically secure file sharing system, and give it away as Free and Open Source Software.
The system is called "Sulphur Five," and is a module in my web operating system, Phosphorus Five - which means that you can install it easily, on your server, from within your browser, securely! As guaranteed by PGP cryptography.
First get yourself a vanilla Ubuntu Server. You can easily convert one of your old laptops. The Ubuntu Server will treat even a 10-year old discarded Windows laptop as if it was a Ferrari, so no need to rush out and buy yourself some humongously expensive hardware or anything. I'm going to assume you're able to install Ubuntu Server for yourself here. Hint, it's probably wise to install OpenSSH, since this makes administrating your system a lot easier.
Then download my installation script, on your server, with the following command, in a Terminal window.
This will download a file called "install.sh" from my GitHub account. Feel free to use e.g. Nano to look at the file, but all it really does is to install Apache, Mono, MySQL, in addition to downloading the Phosphorus Five core. When it has downloaded the P5 core, it'll show you the file's SHA1 checksum, and ask you if you'd like to proceed. Just answer "y" here, and the rest of the process is automated. Notice, the installation script is "greedy," and will delete anything you've got in your existing /var/www/html folder - so don't run it on a system where you have other things from before in your Apache HTML folder at least. When you're done, find your server's LAN IP address with something like the following:
ifconfig | grep addr
The above will return your server's local LAN IP address, which you can paste into some browser, on another client on your LAN.
The setup of Phosphorus Five requires you to type in a "server salt." This is a random string, used to, among other things, hash your passwords on the system. Just type in some random characters here, and try to make your value at least some 50-100 characters long, to increase the entropy of your system. Afterward, give the system a strong "root" password. The root account in P5 has extended rights, so it might be wise to make sure your password is strong.
Then visit the "Bazar" and choose "Sulphur Five," and click "Yes" to install it. When you have installed it, you're brought back to your "Desktop," which is kind of the desktop of your Phosphorus Five operating system, which is a virtual web operating system, running inside of Apache, on your Linux box. And congratulations, you've now got a secure file sharing system setup, from within your living room, on a 1010-year-oldaptop.
Securing Your Linux Server
At this point, it might be wise to choose a domain, or a sub-domain, maybe something you've got laying around from before, and create a new DNS "A" record, pointing to your external IP address. I wrote another article, similar to this one a couple of weeks ago, which you can see the details of how to open up your router, and create a DNS record, and install an SSL certificate in your Apache server. Feel free to check out that article for some more details in these subjects.
Then, crucially: Make sure you get an SSL certificate, by visiting the amazingly cool guys over at Let's Encrypt! This step is CRUCIAL if you enjoy having your privacy! The installation process of your own personalised SSL certificate, is literally a 2 liner, and is the most important part in this process, that actually makes your system cryptographically secured! This is normally often wise to do after you've chosen a domain, or sub-domain for your server though - since the SSL certificate will be associated with your domain/sub-domain.
Now, you can finally access your system over the WAN, or "internet." The system works perfectly on any device, iPhone, Android, iPad, Mac or Windows - and it allows you to share files, either publicly, protected, or privately.
Notice: A publicly shared file will become available for anyone in the world. A protected file will only be accessible for other users in your P5 installation, and a private file will only be accessible for you. Below is a screenshot of how my system looks, which you're free to visit if you like. Notice how I have only shared one file publicly, but still there are three files in my system. If you try to access any of the files you don't have access to, you'll be served an "access denied" page. Below is a screenshot of my own personal file vault.
The "desktop" of Phosphorus Five should resemble something like the following.
Notice how I have installed the "Peeples" module, which allows me to create multiple users in my system. Unless you want to only use the system for yourself, you might benefit from adding this module too - which allows you to create multiple user accounts in your system, to allow others to upload, and/or download "protected" files. If you choose to share files as "protected,", and you create a bunch of user accounts in your system, everyone having a username and password to your box, can easily access, and/or upload, protected files. Below is a screenshot of how the "Peeples" module looks.
If you want to allow other users to also upload files to your Sulphur Five installation, you would have to edit your settings, which can be done by clicking the "cog" icon at the top/right corner of Sulphur Five. Make sure you choose "Registered users," unless you want to create a "dropbox" where unregistered and registered users alike can drop files - which you probably don't since it would allow any random visitor to "drop files" into your server. You can choose if you want to only allow "root" accounts to upload files, all registered users, or even publicly visiting guests for that matter. Probably the most interesting value here, for most users, would be "Registered users." This is the setting value that allows your friends to share files privately with you and each other. This would probably be the most interesting setting for a home installation, and/or a corporation, looking to secure their file sharing system.
As you upload files, by default they become "private." This means that only the user who uploaded the files can download them. To edit a file, click the "pencil" icon on your files after having uploaded them, and change their settings accordingly.
Notice how the editing of files also allows you to associate a name and description with your file(s). This is meta information about your file, which allows others to see some basic information about your files, before they download them. The description also supports #hash_tagging of files, in addition to some of the more basic Markdown syntaxes (a subset). This allows you to organize your files according to what they're about, by intelligently using #hash_tags for your files. There is no "folder" support in the system, but it is entirely based upon the idea of "hash tagging" files instead.
To upload a file, either drag and drop one or more files unto the surface of Sulphur Five, or click the upload button, in the top/right corner of your screen.
For the record, Sulphur Five is still in BETA, and not intended for production usage quite yet. But I would love to get feedback on it from users actively particpating, and wanting to test it out.
The whole shebang is Free Software and Open Source. Its architecture is based upon .NET/Mono, upon which I have created my own programming language called "Hyperlambda," and the source for everything can be found by seeking out my GitHub account. I am highly interested in feedback from active users about feature requests, bug requests, etc.
Opinions expressed by DZone contributors are their own.