{"id":50728215,"url":"https://github.com/safe-webdrop/safewebdrop","last_synced_at":"2026-06-10T06:01:47.497Z","repository":{"id":362043857,"uuid":"1000761069","full_name":"safe-webdrop/safewebdrop","owner":"safe-webdrop","description":"Secure https-based encrypted message exchange mechanism","archived":false,"fork":false,"pushed_at":"2026-06-02T10:15:24.000Z","size":67,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2026-06-02T11:23:11.138Z","etag":null,"topics":["aes-encryption","communication-protocol","file-transfer","https-request","https-server","openpgp","openssl","organisation-management","rsa-signature","secure-communication"],"latest_commit_sha":null,"homepage":"https://safewebdrop.com","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/safe-webdrop.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2025-06-12T09:28:06.000Z","updated_at":"2026-06-02T10:15:28.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/safe-webdrop/safewebdrop","commit_stats":null,"previous_names":["safe-webdrop/safewebdrop"],"tags_count":null,"template":false,"template_full_name":null,"purl":"pkg:github/safe-webdrop/safewebdrop","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/safe-webdrop%2Fsafewebdrop","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/safe-webdrop%2Fsafew
ebdrop/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/safe-webdrop%2Fsafewebdrop/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/safe-webdrop%2Fsafewebdrop/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/safe-webdrop","download_url":"https://codeload.github.com/safe-webdrop/safewebdrop/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/safe-webdrop%2Fsafewebdrop/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":34139182,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-10T02:00:07.152Z","response_time":89,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aes-encryption","communication-protocol","file-transfer","https-request","https-server","openpgp","openssl","organisation-management","rsa-signature","secure-communication"],"created_at":"2026-06-10T06:01:36.891Z","updated_at":"2026-06-10T06:01:47.485Z","avatar_url":"https://github.com/safe-webdrop.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# safewebdrop\n## Secure https-based encrypted message exchange mechanism\n\nOriginally developed for the \u003ca href=\"https://crypto-bone.com\"\u003eCrypto Bone\u003c/a\u003e, \nthe \u003ca 
href=\"https://safewebdrop.com\"\u003eSafeWebdrop message exchange mechanism\u003c/a\u003e\ncan be adapted for a large number of projects that require secure, i.e. encrypted and\nauthenticated, message and file exchange.\n\nIt is a foundation for internal communication demands within an organisation that can be\nestablished with a minimally invasive software product on a server that is already up and running\nand can be accessed via HTTPS.\n\nTo ensure true end-to-end encryption, it is absolutely necessary to start a secure message\nexchange with a shared initial secret that has been agreed on by two people in a personal contact.\nOnce two people have decided on such an initial secret, this initial secret must be protected\non their endpoint devices, which is not easy to achieve.\n\nBut the exchange of AES-encrypted messages and files must also be secured to make sure\nthat only the two legitimate people (sender and recipient) can access the encrypted data.\n\nThis secure message exchange is provided by the SafeWebdrop software in a specific way.\n\n\n## Principles of Secure Message Exchange \n\n*  Providing the SafeWebdrop service on an https-enabled server should be \u003cb\u003enon-invasive\u003c/b\u003e.\n   That means it must not be necessary to introduce the people using the service as users on the server.\n   Unlike ssh, the SafeWebdrop service creates only a single directory /var/safewebdrop/username,\n   nothing else.\n\n*  Every user is enabled only \u003cb\u003eif an administrator accepts a user's public RSA key\u003c/b\u003e that\n   the registration software on the user's endpoint device produces. 
For this to \n   happen, one personal contact between the user and the server administrator is required,\n   in which the user presents a registration code to the administrator that is stored together\n   with his public key on the server.\n   The administrator will then run a script that creates the user's directory and copies\n   the public RSA key into it.\n   The administrator's involvement ends with the registration; everything else is done by\n   the \u003ca href=\"https://safewebdrop.com/source/safewebdrop-2.2/server\"\u003eserver scripts\u003c/a\u003e.\n   \n   Once registered, the user can avail of the SafeWebdrop service as long as the admin\n   does not delete their directory or RSA public key.\n\n*  Registered users receive \u003cb\u003ea SafeWebdrop address\u003c/b\u003e consisting of their user name and the\n   server's domain name (or IP address) separated by a %-sign. Those addresses look similar to\n   email addresses (Alice.Johnson%example.com), but they are used over HTTPS to send\n   encrypted messages and files to other users on the same (local) server.\n   This https-based message exchange reduces the metadata that would be visible with an\n   ordinary encrypted email exchange.\n\n*  All interactions with the server (reading, writing, deleting) require that the requests\n   being sent to the server are \u003cb\u003esigned with the user's corresponding RSA private key\u003c/b\u003e,\n   which is stored (and protected) on the user's endpoint device. 
The SafeWebdrop\n   \u003ca href=\"https://safewebdrop.com/source/safewebdrop-2.2/client\"\u003eclient scripts\u003c/a\u003e \n   take care of this.\n\n*  If (and only if) the administrator of a SafeWebdrop service allows message exchange\n   to users on a different SafeWebdrop server, then the process of accepting a remote user's\n   public key is safeguarded by the initial secret these two users have agreed on\n   and by the fact that the remote administrator has accepted the other user's RSA\n   public key on his server.\n\n   Note that neither contact between the two administrators nor the use of any\n   PKI is involved in establishing cross-server message exchange. \n   The decision to accept a particular cross-server contact relies \n   entirely on the initial secret both users have agreed on, which is part of the hash value\n   that triggers the storage of the remote user's public key by the server scripts.\n\n\n## Testing the Server-Side Software\n\nThe six server-side scripts are all coded in pure bash and won't interfere with the \nserver's original functionality. All messages that are stored and retrieved by users live under\na single directory /home/safewebdrop.\n\nYou can test whether or not all necessary server-side commands are already in place\nwith the test program check-server-utils on your server. And you'll find examples\nand advice on how to test the functionality of the server-side code on your own server \nwith these \u003ca href=\"https://safewebdrop.com/source/safewebdrop-2.2/tests\"\u003etest scripts\u003c/a\u003e. \n\n## Using SafeWebdrop Exchange for Your Own Project\n\nOf course, the SafeWebdrop exchange mechanism can also be used as a foundation for your\nown projects. The server-side scripts need not be changed at all. 
\n\nBut you have to be extremely cautious when you are developing your own client-side code.\nIf you don't avail of the CryptoBone daemon to secure access to the message encryption keys,\nyou have to think hard about how to safeguard the encryption keys that are used in your own code.\nThe secret that protects the user's RSA private key must also be protected as much as \npossible, as every request is signed using this private RSA key. \n\nIn the client-side code you'll find lines like this:\n```\nPASS=$(/usr/bin/echo \"get-element webdropsecret\" | /usr/bin/socat -t15 - UNIX-connect:$SOCK)\n```\nthat retrieve secret information from the cryptobone daemon. If you don't want to use\n\u003ca href=\"https://crypto-bone.com/release/root/src/cryptoboned/\"\u003ethis daemon\u003c/a\u003e in your own code,\nyou need to take extra care to safeguard these secrets.\nFor details see the project's \u003ca href=\"https://safewebdrop.com/security.php\"\u003esecurity page\u003c/a\u003e.\n\n## Code Review\n\nEvery code review is most welcome; however, in order to maintain the stability and reliability\nof the code base I will carefully vet any contribution and I may choose to rewrite it,\nadd comments and documentation, rather than taking it as is. \nNeedless to say, code changes will happen only after conclusion of extensive tests.\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsafe-webdrop%2Fsafewebdrop","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsafe-webdrop%2Fsafewebdrop","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsafe-webdrop%2Fsafewebdrop/lists"}