CryptnDrive

CryptnDrive from Lybero.net is web server software for storing, sharing and transferring files and texts in encrypted form, without installing any software on users' machines.

It can be used in several ways: by registering on our demo instance https://drive.lybero.net where we guarantee storage of information for only 1 month, via an instance that Lybero.net installs and administers on your behalf, or via an instance installed by another organization (e.g. yours).

All encryption is done end-to-end: the information is encrypted by JavaScript running in the browser. The information is stored in a MongoDB database. The central web server is extremely passive: it receives and stores information, synchronizes it with the clients' browsers and sends notifications. It has no information processing function.


Authentication is flexible: it is handled either autonomously or via OAuth2 (Google, ...). Public keys are stored on the file server. Private keys are stored encrypted with the user's passphrase and are only decrypted in the browser.

Each file vault is encrypted with a specific AES-256 key. The AES key is itself encrypted with the public key of each user who has access to the share.
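The key hierarchy from the two paragraphs above (passphrase-protected private key, per-vault AES-256 key wrapped for each user), as an added WebCrypto sketch that is not CryptnDrive's own code. The page names only AES-256; AES-GCM, RSA-OAEP, PBKDF2 with its iteration count, and all function names are assumptions.

```javascript
// Added illustration, not CryptnDrive code. Assumed algorithms: AES-GCM for data,
// RSA-OAEP for key wrapping, PBKDF2 for the passphrase (the page names only AES-256).
const enc = new TextEncoder(), dec = new TextDecoder();
const getCrypto = async () => globalThis.crypto ?? (await import('node:crypto')).webcrypto;

// Derive the key that protects a user's private key from their passphrase.
async function passphraseKey(c, passphrase, salt) {
  const base = await c.subtle.importKey('raw', enc.encode(passphrase), 'PBKDF2', false, ['deriveKey']);
  return c.subtle.deriveKey({ name: 'PBKDF2', salt, iterations: 600000, hash: 'SHA-256' },
    base, { name: 'AES-GCM', length: 256 }, false, ['wrapKey', 'unwrapKey']);
}

// Browser side: the returned record holds no usable private key without the passphrase.
async function createUser(c, passphrase) {
  const pair = await c.subtle.generateKey({ name: 'RSA-OAEP', modulusLength: 2048,
    publicExponent: new Uint8Array([1, 0, 1]), hash: 'SHA-256' }, true, ['wrapKey', 'unwrapKey']);
  const salt = c.getRandomValues(new Uint8Array(16)), iv = c.getRandomValues(new Uint8Array(12));
  const wrappedPrivate = await c.subtle.wrapKey('pkcs8', pair.privateKey,
    await passphraseKey(c, passphrase, salt), { name: 'AES-GCM', iv });
  return { publicKey: pair.publicKey, wrappedPrivate, salt, iv };
}

// One AES-256 key per vault, wrapped once for each user who has access.
async function createVault(c, plaintext, recipients) {
  const key = await c.subtle.generateKey({ name: 'AES-GCM', length: 256 }, true, ['encrypt', 'decrypt']);
  const iv = c.getRandomValues(new Uint8Array(12));
  const ciphertext = await c.subtle.encrypt({ name: 'AES-GCM', iv }, key, enc.encode(plaintext));
  const wrappedKeys = {};
  for (const [name, user] of Object.entries(recipients))
    wrappedKeys[name] = await c.subtle.wrapKey('raw', key, user.publicKey, { name: 'RSA-OAEP' });
  return { iv, ciphertext, wrappedKeys }; // this is all a passive server would store
}

// Browser side: passphrase -> private key -> vault key -> plaintext.
async function openVault(c, vault, slot, user, passphrase) {
  const kek = await passphraseKey(c, passphrase, user.salt);
  const priv = await c.subtle.unwrapKey('pkcs8', user.wrappedPrivate, kek,
    { name: 'AES-GCM', iv: user.iv }, { name: 'RSA-OAEP', hash: 'SHA-256' }, false, ['unwrapKey']);
  const key = await c.subtle.unwrapKey('raw', vault.wrappedKeys[slot], priv,
    { name: 'RSA-OAEP' }, 'AES-GCM', false, ['decrypt']);
  return dec.decode(await c.subtle.decrypt({ name: 'AES-GCM', iv: vault.iv }, key, vault.ciphertext));
}
```

Granting another user access in this model means wrapping the same vault key under one more public key; the vault ciphertext itself is not re-encrypted.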

The sharing of a file repository, and therefore its transfer, can take place between people registered in the system, or not yet registered, or with a collection group that we call a quorum group.


When a repository share is made with a quorum group, members of the quorum group cannot access the repository. However, they can invite third parties (registered or not). If an invited third party accepts the invitation and a quorum (e.g. 3 out of 5) accepts their access, the guest will be able to access the vault. There is therefore a strict (cryptographic) separation between access authorisation and access to information. At no time can a member of the quorum (which we call a secrecy administrator) access the decrypted information, and until the quorum accepts it, the guest cannot access the information either (it remains encrypted). This mechanism offers both security in numbers and flexibility for organizations. It allows the functional procedures for accessing information to be reproduced cryptographically.

This manual is divided into 3 main parts: