Firefox Send, a file sharing service with end-to-end encryption


Mozilla recently announced the launch of its new file sharing service, Firefox Send, which provides tools for sharing files between users with end-to-end encryption.

This service was initially tested as part of the Test Pilot program in 2017, and Firefox Send has now been released for general use. The server side is written in JavaScript using Node.js and the Redis DBMS.

The server code is hosted on GitHub under the MPL 2.0 license (Mozilla Public License), which allows anyone who wants to run a similar service on machines under their own control.

Encryption uses the Web Crypto API and the AES-GCM block encryption algorithm (128 bits).

For each download, a secret key is first created using the crypto.getRandomValues function, which is then used to generate three keys: a key to encrypt the file using AES-GCM, a key to encrypt the metadata using AES-GCM, and a digital signature key to authenticate requests (HMAC SHA-256).

The encrypted data and the digital signature key are uploaded to the server, and the secret decryption key is displayed as part of the URL.

When a password is specified, the digital signature key is generated as a PBKDF2 hash from the entered password and the URL with the secret key fragment. The password specified by the user is used to authenticate the request; that is, the server will only provide the file if the password is correct, but the password is not used for encryption.
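The key layout described above can be sketched with the Web Crypto API. This is an added example, not code from Firefox Send: the use of HKDF-SHA-256 as the derivation step, the info labels, the iteration count and the placeholder URL are assumptions, since the article names none of them.

```javascript
// Added example, not Firefox Send's source. Assumed: HKDF-SHA-256 as the
// derivation step, the info labels, and the PBKDF2 iteration count.
const enc = new TextEncoder();
const PBKDF2_ITERATIONS = 100000; // assumed value
const AES = { name: 'AES-GCM', length: 128 };
const HMAC = { name: 'HMAC', hash: 'SHA-256', length: 256 };

// Browsers and recent Node expose globalThis.crypto; older Node needs the module.
async function webCrypto() {
  return globalThis.crypto ?? (await import('node:crypto')).webcrypto;
}

// secret: 16 random bytes carried in the URL fragment; password and url are optional.
async function deriveKeys(secret, password, url) {
  const { subtle } = await webCrypto();
  const master = await subtle.importKey('raw', secret, 'HKDF', false, ['deriveKey']);
  const hkdf = (label) =>
    ({ name: 'HKDF', hash: 'SHA-256', salt: new Uint8Array(), info: enc.encode(label) });
  const fileKey = await subtle.deriveKey(hkdf('file'), master, AES, false, ['encrypt', 'decrypt']);
  const metaKey = await subtle.deriveKey(hkdf('metadata'), master, AES, false, ['encrypt', 'decrypt']);
  let authKey; // the only key the server ever receives
  if (password) {
    const pw = await subtle.importKey('raw', enc.encode(password), 'PBKDF2', false, ['deriveKey']);
    const params = { name: 'PBKDF2', hash: 'SHA-256', salt: enc.encode(url), iterations: PBKDF2_ITERATIONS };
    authKey = await subtle.deriveKey(params, pw, HMAC, true, ['sign']);
  } else {
    authKey = await subtle.deriveKey(hkdf('auth'), master, HMAC, true, ['sign']);
  }
  return { fileKey, metaKey, authKey };
}

async function demo() {
  const wc = await webCrypto();
  const hex = async (k) => Array.from(new Uint8Array(await wc.subtle.exportKey('raw', k)),
    (b) => b.toString(16).padStart(2, '0')).join('');
  const secret = wc.getRandomValues(new Uint8Array(16));
  const url = 'https://send.example/download/FILE_ID/#SECRET'; // constructed placeholder
  const plain = await deriveKeys(secret);
  const withPw = await deriveKeys(secret, 'constructed-password', url);
  const iv = wc.getRandomValues(new Uint8Array(12));
  const ct = await wc.subtle.encrypt({ name: 'AES-GCM', iv }, plain.fileKey, enc.encode('file bytes'));
  // Keys derived with a password still decrypt: the password never feeds fileKey.
  const pt = await wc.subtle.decrypt({ name: 'AES-GCM', iv }, withPw.fileKey, ct);
  return {
    plaintext: new TextDecoder().decode(pt),
    authKey: await hex(plain.authKey),
    authKeyWithPassword: await hex(withPw.authKey),
  };
}
```

The file and metadata keys are non-extractable and never leave the browser; only the exported authentication key is sent to the server, so a server compromise exposes ciphertext and the request-signing key but not the decryption key.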

What is Firefox Send?

As mentioned at the beginning, Firefox Send is a file sharing service that allows users to upload a file of up to 1 GB in anonymous mode (end-to-end encryption), or up to 2.5 GB when creating a registered account, for storage on Mozilla servers.

How does Firefox Send work?

The file is encrypted on the browser side and transmitted to the server already in encrypted form. Once the file has been uploaded, the user receives a link that is generated on the browser side and includes an identifier and a key for decryption.


The user can share this link, and the recipient downloads the file and decrypts it on their side.

One of the things that makes Firefox Send interesting and differentiates it from other similar services is that the sender can set the number of downloads after which the file will be removed from Mozilla storage, as well as the lifespan of the file (from one hour to 7 days).

By default, the file is deleted after the first download or after 24 hours.

You can also set a separate password to receive the file, which prevents access to confidential information if the link falls into the wrong hands. To increase protection, you can send the password separately from the link, for example via SMS; you can also publish the link publicly and send the password only to selected users.

So basically, Firefox Send offers the following:

  • Send a file up to 1 GB
  • If we are registered, the file can be up to 2.5 GB
  • Ability to determine how many times the file can be downloaded
  • Limit the lifetime of the file from one hour to 7 days.
  • A password can be set for file download
  • End-to-end encryption
  • The whole process is carried out from the web so it does not depend on any platform

The sending service is not tied to Firefox and is built as a universal web application, so it does not need to be embedded in browser plugins.

A dedicated Android application has also been prepared for working with the service; its beta version will be uploaded to the Google Play catalog this week.

If you want to know more about it you can visit the following link.

