File transfer server with PIN and encryption
Project description
File Transfer Server
Flask app for uploading and downloading files over the web. Optional PIN protection and per-folder encryption keep your files private.
Quick Commands
pip install inert-transfer
inert # starts the server on port 8069
inert <port> # starts the server on the specified port
inert status # shows the status of the server
inert stop # stops the server
inert -h # shows the help menu
Setup
pip install -r requirements.txt
python server.py
Runs at http://0.0.0.0:8069 (port 8069, all interfaces). Use python server.py 80 for port 80 or python server.py <port> for a custom port.
Set FLASK_SECRET_KEY in the environment for production (needed for session/PIN unlock).
How it works
- Home (
/) — Upload: choose files, then click Upload. Progress bar shows while uploading. - Uploads (
/uploads) — List folders (one per client IP). Open a folder to list files; click a file to download. - Files are stored under
uploads/<client_ip>/. Client IP is taken from the request (or fromX-Forwarded-For/X-Real-IPwhen behind a proxy). - WebSocket — Echo endpoint at
/websocket.
Folder PIN protection
Folders are public by default. You can protect your own folder (the one matching your IP) with a PIN.
- On Uploads, your folder has a ⋯ (three dots) menu. Click it to open a popup.
- Set a PIN — Choose a PIN (at least 4 characters). Only people who know the PIN can open the folder or download files. You must enter the PIN too when you open the folder (once per browser session).
- Change PIN — Open the folder and enter the current PIN first, then use the ⋯ menu and enter a new PIN.
- Remove PIN — Open the folder and enter the PIN first, then use the ⋯ menu and click “Remove PIN”.
PINs are stored hashed in uploads/.folder_pins.json (never in plain text).
Per-folder encryption (FEK protected by PIN)
When you set a PIN, the server also turns on per-folder encryption:
- FEK (folder encryption key) — A random key is generated for your folder. All files in that folder are encrypted with this key before being saved to disk.
- KEK (key encryption key) — Derived from your PIN (PBKDF2-SHA256, 100 000 iterations, per-folder salt). The FEK is encrypted with the KEK and stored in
uploads/.folder_pins.json. - Unlock — When you enter the PIN, the server derives the KEK, decrypts the FEK, and keeps it in the session so you can upload and download without re-entering the PIN until the session ends.
So: data on disk is encrypted; only someone who knows the PIN can decrypt. Changing the PIN re-encrypts files with a new key; removing the PIN decrypts all files and removes the PIN.
Inside a .folder_pins.json
{
"192.168.2.9": {
"hash": "pbkdf2:sha256:1000000$RwEyBZC3Fdl2JkDD$5b063b6cbcaa1f26b8825bafdbe978f1ae1d0177526597f52ee22a3e8235f737",
"salt": "/AFOGJENcr4VXstcR2aYNQ==",
"encrypted_fek": "Z0FBQUFBQnBvYkNROXJjblBvYVhRQUZReUVWUnk5ZjNfdGF2SlZCMTRLS2tVMXREMmxVbWRLT3hUVGlLcFRMT0ZVMHhvYXJPSHFIcE9DclVHZDNqdHFsZ2FGTFZMNTN3T3NHYThWX1J1SnJlSDBsdzI5ZS1EZnZtZDN0SVlNUkVpTkFFV19xQjJSNVU="
}
}
Flow summary
| Action | What happens |
|---|---|
| Set PIN | New FEK created, encrypted with KEK from PIN; all existing files encrypted with FEK; FEK stored in session. |
| Unlock | PIN checked → KEK derived → FEK decrypted → stored in session. |
| Upload | If folder is encrypted and session has FEK, file content is encrypted with FEK before saving. If encrypted but no FEK in session, you must open the folder and enter PIN first. |
| Download | If folder is encrypted, file is decrypted with FEK from session and sent. |
| Change PIN | Current FEK from session used to decrypt all files; new FEK/KEK created; all files re-encrypted. (Open folder and enter current PIN first.) |
| Remove PIN | FEK from session used to decrypt all files; PIN and encrypted FEK removed. (Open folder and enter PIN first.) |
Important notes
- Remove PIN / Change PIN — You must open the folder and enter the PIN in that session first. Then you can remove or change the PIN from the ⋯ menu.
- Wrong PIN attempt limit — After 9 wrong PIN attempts, a custom warning popup appears for the final attempt. If the 10th attempt is also wrong (and the user confirms), the folder is permanently deleted and its PIN details are removed from
uploads/.folder_pins.json. - Cross-PC / cache clear unlock — After entering the correct PIN, downloads are decrypted and PIN change/remove work, even on another PC or after clearing browser cache.
- Folder delete cleanup — Deleting a folder also removes that folder’s record from
uploads/.folder_pins.json. - Lost PIN — If the PIN is forgotten, encrypted files cannot be recovered (by design).
- Backward compatibility — Old PIN entries (hash only, no
encrypted_fek) still work as “PIN gate” only; new or changed PINs get full encryption.
Requirements
- Python 3.x
- See requirements.txt (Flask, Werkzeug, flask-sock, cryptography for encryption).
Author
Inert Tila
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
inert_transfer-0.2.1.tar.gz
(31.1 kB
view details)
File details
Details for the file inert_transfer-0.2.1.tar.gz.
File metadata
- Download URL: inert_transfer-0.2.1.tar.gz
- Upload date:
- Size: 31.1 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.13.2
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
7672d1b0ba21048870329f5ffe08f6c587b2c5530abaece6310c97d904de2787
|
|
| MD5 |
660e2afd7e6d53ca866286be8bf7c1c1
|
|
| BLAKE2b-256 |
54f37cc6423d426b8f021f85f9410726980ddf4307882f8b82aec845cf07433e
|
