brew install ZinoKader/homebrew-portal/portal
Either get the latest release and install it manually, or run
curl -s https://raw.githubusercontent.com/ZinoKader/portal/master/scripts/install.sh | bash
If permission is denied when moving the files to /../bin, replace " | bash" with " | sudo bash"
(the script is in the repo, so you can check it out before you blindly trust it!)
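The review step suggested above, as an added example that is not part of portal's own scripts: download the installer to a file, read it, record its SHA-256, and run it only if the file still matches what was reviewed. The function names and the pinned-hash workflow are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example: review-then-run flow for the install script.
# Function names and the recorded-hash step are assumptions, not portal code.

INSTALL_URL="https://raw.githubusercontent.com/ZinoKader/portal/master/scripts/install.sh"

# Portable SHA-256 of a file (Linux: sha256sum, macOS: shasum).
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'
  fi
}

# Download the script to a file instead of piping it into a shell.
# -f fails on HTTP errors, so an error page is never saved as a script.
fetch_installer() {
  curl -fsSL --proto '=https' --tlsv1.2 -o "$1" "$INSTALL_URL"
}

# Run the file only if it still matches the hash recorded after review.
# Returns the script's status after running, 2 on mismatch, 3 if missing.
run_if_reviewed() {
  local file="$1"
  local expected="$2"
  local actual
  [ -f "$file" ] || return 3
  actual="$(sha256_of "$file")"
  if [ "$actual" != "$expected" ]; then
    echo "hash mismatch: got $actual, reviewed $expected" >&2
    return 2
  fi
  bash "$file"
}

# Typical use:
#   fetch_installer /tmp/portal-install.sh
#   less /tmp/portal-install.sh          # read what it does
#   sha256_of /tmp/portal-install.sh     # record this value
#   run_if_reviewed /tmp/portal-install.sh <recorded-hash>
```

If the move into the bin directory needs elevated rights, run the same reviewed file under sudo so that the code given root is the code that was read.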
portal is a fast and secure file transfer utility for sending files from one computer to any other computer. All communication beyond the initial client handshake is encrypted. If the sender and receiver can reach each other directly, the file transfer involves no servers. Otherwise the file transfer goes through a relay server which facilitates the connection, but sees none of the data.
The file transfer starts by invoking the command from the sender side:
portal send <file1> <file2> <folder1> <folder2> ...
The application will output a temporary password in the format 1-inertia-elliptical-celestial.
The sender will communicate this password to the receiver over some secure channel.
The receiver would then issue the command:
portal receive 1-inertia-elliptical-celestial
The two clients will connect to each other and transfer the file(s)/folder(s).
To make connection establishment possible, portal makes use of a rendezvous server. By default, a rendezvous server hosted at Digital Ocean is preconfigured, so you do not need to do anything. If you would like to host one on your own, build the server and start it with:
# specify port with -p or --port
portal-rendezvous --port 80
portal provides:
- End-to-end encryption using PAKE2 to negotiate a shared session key
- Direct transfer of files if possible (e.g. sender and receiver are in the same local network)
- Fallback to a TURN server (rendezvous-relay) for file transfer if the sender and receiver are behind NATs in different networks
- Parallel gzip compression of files for faster and more efficient transfer
The connection between the sender and the server is negotiated using an intermediary server called portal-rendezvous. The portal-rendezvous server is used to negotiate a secure encrypted channel while never seeing the contents of files or the temporary password.
The communication works as follows:
- sender application connects to rendezvous-server
- rendezvous-server allocates an id to the sender and sends it over websocket to the sender
- sender outputs the password to the terminal, hashes the password and sends it to the rendezvous-server
- receiver hashes the password (which has been communicated over some secure channel) and then sends it to the rendezvous-server
- When both the sender and the receiver have sent the hashed password to the rendezvous-server, the cryptographic exchange starts, during which the rendezvous-server relays messages from the sender to the receiver or vice versa
- Once the cryptographic exchange is done, every message sent by the sender and receiver is encrypted, and the rendezvous-server cannot decrypt them
- Now two things can happen:
  - Either the sender and receiver are behind the same NAT, in which case the file transfer will be directly between the sender and receiver. In this case, the connection to the rendezvous-server will be closed
  - If they are not behind the same NAT, the transfer will fall back to going through the rendezvous-server, which will continue to relay encrypted messages until the file transfer is completed
This was initially a project made for the course IK2218 Protocols and Principles of the Internet. We often used similar tools in our day-to-day and wanted to make our own!
Project members:
- Zino Kader
- Arvid Gotthard
- Anton Sederlin

