1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
|
// NymDrop — client-side encryption via WebCrypto API.
// No external libraries. Plaintext never leaves the browser.
// Server's X25519 public key — replaced at deploy time.
const NYMDROP_PUBKEY_HEX = "6aa99a672c48cb8eee65ddd5c5e5f8947a8d52d39a8b8eb4e11b15c87fe49038";
async function hexToBytes(hex) {
const bytes = new Uint8Array(hex.length / 2);
for (let i = 0; i < hex.length; i += 2)
bytes[i / 2] = parseInt(hex.substr(i, 2), 16);
return bytes;
}
async function encryptPayload(plaintext) {
const serverPubBytes = await hexToBytes(NYMDROP_PUBKEY_HEX);
// Generate ephemeral X25519 keypair for this submission.
const ephemeral = await crypto.subtle.generateKey(
{ name: "ECDH", namedCurve: "X25519" },
true,
["deriveKey", "deriveBits"]
);
// Import server's X25519 public key.
const serverKey = await crypto.subtle.importKey(
"raw",
serverPubBytes,
{ name: "ECDH", namedCurve: "X25519" },
false,
[]
);
// ECDH key agreement → 32-byte shared secret.
const sharedBits = await crypto.subtle.deriveBits(
{ name: "ECDH", public: serverKey },
ephemeral.privateKey,
256
);
// Derive AES-GCM-256 key via HKDF-SHA-256.
const hkdfKey = await crypto.subtle.importKey("raw", sharedBits, "HKDF", false, ["deriveKey"]);
const aesKey = await crypto.subtle.deriveKey(
{
name: "HKDF",
hash: "SHA-256",
salt: new Uint8Array(32),
info: new TextEncoder().encode("nymdrop-v1")
},
hkdfKey,
{ name: "AES-GCM", length: 256 },
false,
["encrypt"]
);
// Encrypt plaintext.
const iv = crypto.getRandomValues(new Uint8Array(12));
const ciphertext = await crypto.subtle.encrypt(
{ name: "AES-GCM", iv },
aesKey,
new TextEncoder().encode(plaintext)
);
// Export ephemeral X25519 public key (32 bytes raw).
const ephemeralPubRaw = await crypto.subtle.exportKey("raw", ephemeral.publicKey);
// Packet layout: ephemeral_pub(32) + iv(12) + ciphertext
const packet = new Uint8Array(32 + 12 + ciphertext.byteLength);
packet.set(new Uint8Array(ephemeralPubRaw), 0);
packet.set(iv, 32);
packet.set(new Uint8Array(ciphertext), 44);
return packet;
}
document.getElementById("drop-form").addEventListener("submit", async (e) => {
e.preventDefault();
const status = document.getElementById("status");
status.className = "";
status.textContent = "Encrypting...";
try {
let plaintext = document.getElementById("message").value;
const fileInput = document.getElementById("file");
if (fileInput.files.length > 0) {
const fileBytes = await fileInput.files[0].arrayBuffer();
const fileB64 = btoa(String.fromCharCode(...new Uint8Array(fileBytes)));
plaintext += "\n---FILE:" + fileInput.files[0].name + "---\n" + fileB64;
}
const encrypted = await encryptPayload(plaintext);
const resp = await fetch("/submit", {
method: "POST",
headers: { "Content-Type": "application/octet-stream" },
body: encrypted,
});
if (resp.ok) {
document.getElementById("drop-form").reset();
document.getElementById("filename").textContent = "";
status.textContent = "Delivered. No record of this submission exists on the server.";
} else {
status.className = "error";
status.textContent = "Delivery failed. Try again.";
}
} catch (err) {
status.className = "error";
status.textContent = "Encryption failed: " + err.message;
}
});
|