Encryption key in URL

Mozilla does not have the ability to access the content of your encrypted file, and only keeps it for the time or number of downloads indicated.

Anyone you provide with the unique link (including the encryption key) to your encrypted file will be able to download and access that file.

Wtf? The URL that contains the encryption key is stored on the Mozilla servers along with the file. Thus, they have full access to the uploaded information. To ensure privacy, the key must be transmitted through another communication channel. But even in this case it is difficult to detect a possible key leak.

As far as I know, the key is not stored with the URL as it’s a hash param. I would need to check the code further, don’t have time for that right now though.

You can find the code here: github.com/mozilla/send

I was curious so I took a closer look. Files are first encrypted and then uploaded. The link that gets generated includes the encryption key (the part after the hash sign), and that part doesn't get sent out.

Furthermore, HTTP requests do not include data after the hash sign, so neither Mozilla nor anyone else will be able to see the encryption key when you visit the website.

Of course there are other things to consider:

  • How the URL is sent to others must be secure
  • There is implicit trust that the webpage for downloading and encrypting the file, although coming from Mozilla, is not tampered with.

Suggestions for the paranoid:

  • Have your own local copy of the download page so you know it has not been modified

In summary, looks like a nice solution for a lot of people!

Interesting concept.
How is the recipient assured that the data that was downloaded is authentic?

Thanks in advance.

PC88

How is the recipient assured that the data that was downloaded is authentic?

The encryption used is AES-GCM, which ensures that the data cannot be tampered with.

Unfortunately…

There could be a big hole in the use of this.

The hole is in link swap(s) by man-in-the-middle attack(s) superimposing a new link with altered data received by the recipient. AES-GCM would work on altered data with a silent false positive!

Regards

PC88

P.S.
AES-GCM is substandard compared to authenticating using SHA-256 or greater.

…yes, maybe slower but not better.

Came here because I was thinking, "How is this secure if I'm going to email a link to somebody?" Email isn't particularly secure if sent in clear text. So somebody snags the URL and downloads the file before the intended recipient gets to it.

What’s everybody else’s preferred way of sharing a link or some other sensitive bit of information with another?

I would use an end to end encrypted messaging app to send the link around.

Malk,

It is always best to encrypt your data first before sending.

fabrice's suggestion is good and helps avoid man-in-the-middle attack(s).

PC88