I am currently trying to build a project (self-learning) which essentially is a website for sharing files (between two users). I want to encrypt a file (pdf) using ECIES (primary objective) and then send it to another user. My questions are:
- How to encrypt a file at client-side?
- How to send an encrypted file to a server (which language/library/technology)
As my questions suggest, I am a beginner in web development.
As you're probably already aware, you won't get much use on a website like that as it's really difficult to prove you're not performing a MITM attack. That said from a cryptography point of view the tech you should use/investigate is:
ephemeral:ephemeral elliptic curve Diffie-Hellman, using a strong curve with fast, constant time scalar multiplication such as
curve25519/x25519, deriving a shared secret which can be used (by hashing thexco-ordinate with a strong hash function such asSHA-256,SHA-3orBlake2b).using the key agreed in step one, encrypt with a strong authenticated symmetric cipher such as
ChaCha20-Poly1305.There are tonnes and tonnes of options, perhaps if you wanted to try being decentralised, the website could help route users to each others public keys on IPFS.