Wormhole: transfer files securely over the internet
Some people use Dropbox, Mega or Google Drive, some use classic e-mail, some use encrypted e-mail, some go through SSH/SCP, and some still use USB flash drives. Exchanging files today requires a good dose of imagination and a more than careful sifting of the alternatives, or we run the risk of making a mistake.
First of all, we need to evaluate the security of the channel over which we want to transmit the information. Whether it is holiday photographs or Firefox preference files, let's ask ourselves whether we would be comfortable if that data could be read by someone else.
We also evaluate the size of the data to be transferred. An e-mail has a size limit dictated by the server or service provider (and we need to check that the size is allowed by both our provider and the recipient's).
We evaluate the simplicity of the system and how easy it is to read and type the data we have to enter into the software. Not everyone is good at typing hashes quickly, on the first try, without mistakes. By simplicity we also mean the possibility that some ports have to be opened on the router, the firewall or the receiving computer. Needing even a fair knowledge of the network and how it works can hardly be called "simple".
We evaluate the geographical distance between the sending point and the receiving point. We love our neighbor very much, but he will not be the only person we exchange files with.
Once we have evaluated all these aspects, we can consider Wormhole, which has none of these weaknesses.
Wormhole is a small command-line utility available for Linux (many distributions) and macOS (no Windows). Through a readable syntax, Wormhole lets you forward any type of file, of any size, from the source computer to the destination computer without intermediaries. Oh, and… did I already say it is open source?
Over the internet, Wormhole works broadly the way NetCat does on a LAN. You may be interested in an article where I talked about NetCat.
For such a lightweight Python application, what it does is truly out of this world. As with NetCat, you just launch the send command on the server, followed by the location of the file to be forwarded, and run the "receive" command on the client to start the download. It takes longer to explain than to do.
Server (the computer where the file to be forwarded resides)
~$ wormhole send README.md
Sending 7924 byte file named 'README.md'
On the other computer, please run: wormhole receive
Wormhole code is: 7-crossover-clockwork
Sending (<-10.0.1.43:58988)..
100%|=========================| 7.92K/7.92K [00:00<00:00, 6.02MB/s]
File sent.. waiting for confirmation
Confirmation received. Transfer complete.
Client (the computer that will receive the file)
~$ wormhole receive
Enter receive wormhole code: 7-crossover-clockwork
Receiving file (7924 bytes) into: README.md
ok? (y/n): y
Receiving (->tcp:10.0.1.43:58986)..
100%|===========================| 7.92K/7.92K [00:00<00:00, 120KB/s]
Received file written to README.md
The interesting thing is the generated code: in this case a number and two words. It is simple to write down or say aloud (in case we are on the phone). Wormhole codes are disposable: once a code has been used (or has gone unused), it is lost.
With Wormhole you can forward files or directories. Directories are compressed before forwarding.
Is it safe?
Short answer: "yes".
Long answer: Wormhole uses a PAKE (Password-Authenticated Key Exchange), specifically the SPAKE2 algorithm, to agree on the key that encrypts the data.
The wormhole library requires a "Rendezvous Server": a simple WebSocket-based relay that delivers messages from one client to another. This allows Wormhole codes to omit IP addresses and port numbers. The URL of a public server is built into the library as the default, and it will remain available until volume or abuse makes it impossible to support.
File transfer commands use a "Transit Relay", which is another simple server that joins two incoming TCP connections and passes data between them. In file-sending mode, Wormhole shares each client's IP addresses with the other (inside the encrypted message), and both clients first try to connect directly. If that fails, they fall back to the transit relay.
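The key exchange from the long answer above, sketched as an added example (not code from this article or from the Wormhole project): both sides turn the spoken code into a SPAKE2-style blinded message, and only those messages would cross the rendezvous server. The modulus, generator, `M`/`N` derivation and the names `Side` and `exchange` are assumptions chosen for illustration; the toy group is not secure.

```python
import hashlib
import secrets

# Toy group for illustration only (assumption): integers modulo a known prime.
# Real SPAKE2 runs in a prime-order elliptic-curve group.
P = 2**255 - 19
G = 2

def h_int(data: bytes) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

# Public blinding elements, derived by hashing so that nobody knows their
# discrete logarithm with respect to G.
M = h_int(b"toy-spake2-M") % P
N = h_int(b"toy-spake2-N") % P

def to_b(n: int) -> bytes:
    return n.to_bytes(32, "big")

class Side:
    """One participant: (mine, theirs) is (M, N) for the sender, (N, M) for the receiver."""
    def __init__(self, code: str, mine: int, theirs: int):
        self.w = h_int(code.encode()) % (P - 1)   # wormhole code as a scalar
        self.theirs = theirs
        self.x = secrets.randbelow(P - 2) + 1     # fresh secret per exchange
        # Outgoing message: g^x blinded with mine^w; the relay sees only this.
        self.msg = pow(G, self.x, P) * pow(mine, self.w, P) % P

    def key(self, peer_msg: int, sender_msg: int, receiver_msg: int) -> bytes:
        # Strip the peer's blinding using *our* idea of the code, then do DH.
        unblinded = peer_msg * pow(pow(self.theirs, self.w, P), -1, P) % P
        shared = pow(unblinded, self.x, P)
        transcript = to_b(sender_msg) + to_b(receiver_msg) + to_b(shared) + to_b(self.w)
        return hashlib.sha256(transcript).digest()

def exchange(sender_code: str, receiver_code: str):
    """Run one exchange and return (sender_key, receiver_key)."""
    a = Side(sender_code, M, N)
    b = Side(receiver_code, N, M)
    return a.key(b.msg, a.msg, b.msg), b.key(a.msg, a.msg, b.msg)

if __name__ == "__main__":
    code = "7-crossover-clockwork"                 # code from the session above
    print("same code  ->", *exchange(code, code), sep="\n  ")
    # Constructed wrong guess: the two keys differ, so nothing decrypts.
    print("wrong code ->", *exchange(code, "7-crossover-clockmaker"), sep="\n  ")
```

With matching codes both sides derive the same 32-byte key; with a wrong guess the keys differ, and since codes are disposable that guess cannot be retried against the same exchange.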
If it's still not clear, I recommend watching Brian Warner's talk at PyCon 2016, which is almost exclusively about security.
On the major distributions it will be quite easy to find the "magic-wormhole" package in the repositories. Those who cannot find it in their distribution's repositories can try:
~$ sudo snap install wormhole
For more information, the Wormhole project is hosted on GitHub.