Hashdrop is a CLI tool that encrypts files locally before uploading, ensuring the server never sees your actual data.
I've built a CLI tool called Hashdrop in Go that addresses a fundamental problem with most cloud storage services: they encrypt your files on the server, meaning the server itself can potentially read them. Hashdrop flips this model by encrypting files on your machine before they ever leave it.
How it works
Each file gets its own unique Data Encryption Key (DEK), encrypted with AES-GCM. Only the encrypted blob is uploaded to the server - the server never sees your actual data. This means even if the server is compromised, your files remain secure.
Two modes for different needs
Vault-mode (default): The DEK for each file is managed automatically in a local encrypted vault (~/.hashdrop/vault.enc). This gives you strong encryption without having to manage your own keys.
Passphrase mode: For users who prefer full control, there's a separate mode where you manage the keys yourself.
Sharing and security
Sharing is simple - anyone you share the link and key with can download and decrypt the file on their end. The security model ensures that without the proper key, the encrypted blobs are just random data to anyone intercepting them.
Try it out
You can find the code on GitHub and documentation at hashdrop.dev. The tool is designed to be straightforward to use while providing enterprise-grade security.
I'd love to hear your feedback - any thoughts on the approach, potential use cases, or features you'd like to see? The project is open to contributions and suggestions.
Docs: hashdrop.dev | Code: GitHub
Comments
Please log in or register to join the discussion