cyberrapists/cg_api_secure-webshare
SHA256
4
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Additional Bug fixes

Browse Source
This commit is contained in:
unknown
2026-05-22 11:50:59 +02:00
parent 10bfdfb914
commit a0f7efcd34
12 changed files with 372 additions and 135 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
docs/ARCHITECTURE.md
View File

@@ -1,6 +1,6 @@
# Architecture & Design Decisions
This document explains the deeper design choices behind cg.cx the trade-offs, threat models, and engineering rationale that shaped the system.
This document explains the deeper design choices behind cg.cx - the trade-offs, threat models, and engineering rationale that shaped the system.
---
@@ -9,11 +9,11 @@ This document explains the deeper design choices behind cg.cx — the trade-offs
We chose **XChaCha20-Poly1305** (via libsodium's `crypto_secretstream_xchacha20poly1305`) as the bulk encryption primitive for several reasons:
1. **Nonce-misuse resistance**: AES-GCM's security collapses catastrophically if a nonce is ever reused. XChaCha20 uses a 192-bit nonce, making accidental collisions statistically impossible even with billions of files. This removes an entire class of operator error.
2. **No hardware dependency**: AES-GCM performance relies heavily on AES-NI. XChaCha20 performs well on all platforms including older or virtualized CPUs where AES-NI may be unavailable or disabled.
2. **No hardware dependency**: AES-GCM performance relies heavily on AES-NI. XChaCha20 performs well on all platforms - including older or virtualized CPUs where AES-NI may be unavailable or disabled.
3. **Streaming integrity**: libsodium's `secretstream` API provides built-in chunked authenticated encryption with `Message` and `Final` tags. This gives us streaming decryption with per-chunk integrity checks without inventing our own framing protocol.
4. **Simpler key management**: Because nonce collisions are not a practical concern, we can generate a fresh random key for every file without tracking nonce counters or key lifecycles.
AES is still present in the system we use **AES-256-KW** (Key Wrap) to encrypt the per-file content keys (CEKs) with the master key. AES-KW was chosen because it is a standard, deterministic, and widely audited key-wrapping algorithm with built-in integrity.
AES is still present in the system - we use **AES-256-KW** (Key Wrap) to encrypt the per-file content keys (CEKs) with the master key. AES-KW was chosen because it is a standard, deterministic, and widely audited key-wrapping algorithm with built-in integrity.
---
@@ -22,7 +22,7 @@ AES is still present in the system — we use **AES-256-KW** (Key Wrap) to encry
For a self-hosted, single-tenant service handling encrypted file metadata, **SQLite** is the correct default:
1. **Operational simplicity**: No separate database server to install, upgrade, or network-secure. A single `.sqlite` file is trivial to back up, replicate, or inspect.
2. **WAL mode performance**: With `PRAGMA journal_mode = WAL`, SQLite handles concurrent readers and a single writer efficiently enough for a bot + web server pair.
2. **WAL mode performance**: With `PRAGMA journal_mode = WAL`, SQLite handles concurrent readers and a single writer efficiently - enough for a bot + web server pair.
3. **Schema simplicity**: The schema is small (5 tables, 2 migration files). The overhead of a client/server RDBMS is unjustified.
4. **Deployment footprint**: Ideal for running on a small VPS or even an embedded edge device without container orchestration.