{"id":14956249,"url":"https://github.com/inevolin/ipfs-file-encryption","last_synced_at":"2025-10-15T00:37:57.806Z","repository":{"id":50398110,"uuid":"385369690","full_name":"inevolin/ipfs-file-encryption","owner":"inevolin","description":"This repo shows how to encrypt files prior to uploading them to IPFS. Similarly it can decrypt and download these files. The solution uses both RSA and AES encryption algorithms to achieve maximum security.","archived":false,"fork":false,"pushed_at":"2021-07-12T20:05:54.000Z","size":41,"stargazers_count":30,"open_issues_count":1,"forks_count":6,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-10-01T17:43:58.269Z","etag":null,"topics":["cryptography","encryption","interplanetary-file-system","ipfs","ipfs-api","ipfs-encryption","p2p"],"latest_commit_sha":null,"homepage":"","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/inevolin.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.md","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2021-07-12T20:05:28.000Z","updated_at":"2025-06-01T14:30:07.000Z","dependencies_parsed_at":"2022-09-04T04:23:08.495Z","dependency_job_id":null,"html_url":"https://github.com/inevolin/ipfs-file-encryption","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/inevolin/ipfs-file-encryption","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/inevolin%2Fipfs-file-encryption","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/inevolin%2Fipfs-file-encryption/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/inevolin%2Fipfs-file-encryption/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/inevolin%2Fipfs-file-encryption/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/inevolin","download_url":"https://codeload.github.com/inevolin/ipfs-file-encryption/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/inevolin%2Fipfs-file-encryption/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":279032438,"owners_count":26089384,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-14T02:00:06.444Z","response_time":60,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cryptography","encryption","interplanetary-file-system","ipfs","ipfs-api","ipfs-encryption","p2p"],"created_at":"2024-09-24T13:12:35.857Z","updated_at":"2025-10-15T00:37:57.773Z","avatar_url":"https://github.com/inevolin.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# IPFS File Encryption in NodeJS\n\nThis repo shows how to encrypt files prior to uploading them to IPFS. Similarly it can decrypt and download these files. The solution uses both RSA and AES encryption algorithms to achieve maximum security.\n\n## installation\nDownload and install IPFS CLI: https://docs.ipfs.io/install/command-line/#official-distributions\n\nInit IPFS: `ipfs init`\n\nStart IPFS: `ipfs daemon`\n\nRun the following in another prompt:\n```\ngit clone https://github.com/healzer/ipfs-file-encryption.git\ncd ipfs-file-encryption\n\nnpm install\n\nnode index.js\n```\n## usage\n\n### webUI\nIPFS has a webUI located at http://localhost:5001/webui/\n\n### file upload and download functions\nUse the provided `_testing()` function to test and verify these features:\n\n```JS\nasync function _testing() {\n const file = 'package.json' // file to upload\n const ipfspath = '/encrypted/data/' + file // ipfspath\n \n // upload to ipfs path\n await uploadFileEncrypted(file, ipfspath)\n \n // download from ipfs path\n const dl = await downloadFileEncrypted(ipfspath)\n \n // to buffer\n const buff = Buffer.from(dl, 'hex')\n\n // save buffer to file\n const outfile = ipfspath.replace(/\\//g, '_');\n console.log('writing:', outfile)\n fs.writeFile(outfile, buff, function(err) {\n if (err) throw err;\n })\n}\n```\n### file browser\nVisit http://localhost:3000/ to see all the uploaded files. Clicking the filename will decrypt and download that file.\n\n### config\nYou may want to change these variables in `index.js` depending on your environment:\n\n`ipfsEndPoint (default: 'http://localhost:5001')`\n\n`rest_port (default: 3000)`\n\n### cryptography\n\nThe encryption strategy uses both RSA and AES to achieve maximum security.\nEncrypting a file for upload is done as shown on the diagram below, all of this happens in-memory.\nFor very large files you may want to do this on-disk instead (e.g. using pipes).\n\n![file forward encryption](/assets/imgs/ipfs_encrypt.png?raw=true)\n\n*note: The 16 byte key and 8 byte IV values are converted to hex and result in a 32 byte key and 16 byte IV as required by the AES encryption algo.*\n\nThe output file consists of a header, RSA encrypted key + IV, and the AES encrypted data of the original file.\n\nDecrypting the file happens in a similar fashion:\n1. Downloads the file (in-memory).\n2. Extracts the encrypted key from the header.\n3. Decrypts the key using your RSA private key.\n4. Extracts the IV value from the header.\n5. Decrypts the file data using the decrypted key from step 3 and the IV value.\n\n#### notes\nWe use both RSA and AES algorithms: RSA can only encrypt a limited amount of data, no longer than its key size, thus we use it to encrypt the AES's secret key. Then the symmetrical AES strategy is used for encrypting potentially large amounts of data, i.e. the file's data itself.\n\nYou could use AES solely as well for simplicity reasons. However the advantage of having RSA included is that we can generate many RSA decryption keys (= private keys) for end-users whilst having only one encryption key (= public key); instead of sharing just one key with all of the users.\n\nFurther developments are definitely possible and in some cases encouraged.\n\n## Contact\n\nFor enquiries or issues get in touch with me:\n\nName: [Ilya Nevolin](https://www.linkedin.com/in/iljanevolin/)\n\nEmail: ilja.nevolin@gmail.com\n\n## Q\u0026A\n```\nQ: How would you solve sharing these encrypted images with\n a friend via a public link?\n \nA: This REST service can be hosted on a cloud server.\n Once can access the API, and thus download files as such:\n http://\u003cIP, domain, localhost\u003e:PORT/api/file/encrypted/data/\u003cfilename\u003e\n Decryption is being handled by the REST service.\n \n \nQ: How would you improve the key management?\n\nA: In the current state anyone can access, download and decrypt the data.\n A secure solution will need to authenticate and authorize users.\n Whereby each user has its own private key for decrypting the data.\n \n This can be done using accounts (login / dashboard pages):\n - user creates an account (username and password OR using third-party auth like Google/Github/...)\n - a private key will be generated for the account\n * a database system should be utilized\n \n Another solution would be to store the private key in the browser's local storage.\n The key will then be provided to the API.\n Some web portal will have to be built for this as well.\n note: both solutions should be served over HTTPS/SSL\n \n \nQ: How would you compare and contrast HTTP with p2p protocols\n like IPFS and BitTorrent in terms of performance and availability?\n \nA: IPFS dominates over bittorrent in terms of availability and performance.\n Due to content-addressing it prevents file duplication.\n \n Individual file(s) can be easily downloaded from some \"source\";\n whereas with BitTorrent one has to create a \".torrent\" file, submit it to tracker(s) and seed it.\n \n IPFS on the other hand is much faster on making files available for sharing.\n IPFS files can be distributed and load-balanced, making it a perfect CDN solution.\n This isn't possible with BitTorrent at all.\n \n File-streaming works out of the box over HTTP in IPFS.\n Whereas streaming in BitTorrent is a paid feature.\n \n Large files are being chunked/sharded in IPFS.\n So one can download chunks from different nodes and maximize bandwidth usage.\n This is both done in IPFS and BitTorrent.\n \n BitTorrent has a high barrier to entry for new people trying to share files.\n Whereas IPFS easily integrates to a drag-and-drop interface.\n \n With IPFS one chooses which files he/she wants to \"seed\".\n While BitTorrent requires you to seed all files within the torrent.\n * BitTorrent clients did improve over the years,\n it is possible to download file subsets,\n and it may be possile to seed file subsets.\n \n IPFS works over HTTP REST, whereas torrents only work over the BitTorrent protocol.\n This makes it harder for the community to build p2p apps/services/solutions.\n \n \nQ: How would you improve BitTorrent protocol if you had a chance?\n\nA: Focus on simplicity and community:\n - simplify the protocol / architecture\n - build it on HTTP REST.\n This way the community can innovate at a much faster pace.\n \n \n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Finevolin%2Fipfs-file-encryption","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Finevolin%2Fipfs-file-encryption","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Finevolin%2Fipfs-file-encryption/lists"}