The Crypto Bone

privacy and secure communication
under your control

    

Welcome to SAFE WEBDROP MESSAGE EXCHANGE

Safe Webdrop Code

The Safe Webdrop Protocol has been implemented in pure bash.

You can get the complete code base here or inspect the files separately:

You can also clone the software with git:

git clone https://safewebdrop.com/git/safewebdrop.git

The code consists of three parts

The Server-Side Code

If you are interested in providing the SafeWebdrop service to your users, you'll only need to place the eight cgi-bin bash scripts in you server's cgi-bin directory and create a home for the SafeWebdrop users in "home/safewebdrop". You'll find a template in the server-side code that you can move to "/home". Please make sure, that all scripts are owend by your webserver user, which may as well be "apache".

The Test Scripts

Once, you have the server-side code sorted, the SafeWebdrop service is ready to run by users. But you may wish to test the functionality yourself. Place the tests scripts on an internet connected computer and change into the bin directory. You can test everything from there. Please consult the README-administrator file for examples.

The CryptoBone Scripts

The SafeWebdrop code was originally developed to enhance the CryptoBone project with a new secure alternative means of exchanging encrypted messages and attachments. So the files in the client directory are the scripts that are actually used in the CryptoBone release 1.6. All secrets that are needed to run a secure end-to-end message exchange project must be protected as much as possible, which is not an easy task.

In the CryptoBone Software a separate daemon process is designed to safeguard all secret information, so that an understanding of the cryptoboned daemon is required to assess the client-side code.

Anyway, the SafeWebdrop message exchange can be used as a foundation for your own projects. You can use it freely as all code is licensed under a liberal BSD license.

Code Review

Of course the SafeWebdrop Code needs thorough code review. So if you are willing to support a non-comercial open source project with security in mind, you are welcome to inspect the source code and report your comments and findings of your code review.