
Show HN: Encrypted end-to-end file transfer - abemassry
https://github.com/abemassry/wsend-gpg
======
dsy
It looks nice and I wish you luck with it. A couple of tips (or nitpicks)
regarding wget-gpg:

> filename=$(echo "$1" | sed 's/\// /g' | awk '{ print $4 }')

1\. You could remove the sed, if you change the field separator:

    
    
      $(echo "$1" | awk 'BEGIN {FS="/"} {print $5}'
    

(this might be better for file names with spaces in them; though, if I
understand your use case, this will never happen, but you might need to deal
with space-to-%20 in wsend-gpg and then %20-to-space in wget-gpg...)

2\. Or you could just replace this with:

    
    
      filename=$(basename "$1")
    
    

> filenamed=$(echo "$filename" | sed 's/.gpg//')

3\. The problem that this cuts the _first_ occurrence of .gpg in the file
name, so nitpick.gpg.nitpick.gpg will become nitpick.nitpick.gpg instead of
nitpick.gpg.nitpick

To remove this substring from the end of the string, you can probably replace
the pattern with a greedy one or just use:

    
    
      filenamed=${filename%.gpg}
    

EDIT: previous related discussions:

[https://news.ycombinator.com/item?id=6083884](https://news.ycombinator.com/item?id=6083884)

[https://news.ycombinator.com/item?id=6158719](https://news.ycombinator.com/item?id=6158719)

[https://news.ycombinator.com/item?id=6179424](https://news.ycombinator.com/item?id=6179424)

I like your persistence and glad you finally made it to the front page. Good
luck.

------
psuter
This looks very useful. I had not realized it until now, but a CL-to-URL
upload/download service is something I always unconsciously desired.
Encryption is a nice bonus.

(My personal preference would be to deploy the service on my own VPS, though.)

~~~
b_emery
_something I always unconsciously desired_ Well put. I always imagined that
this was how email worked, until I looked at building an email server. Which
makes me think, why not build a simple 'email' like tool on top of this? (I'm
getting way outside my area of expertise here. There might be some very good
reasons that I'm not aware of.)

------
CountHackulus
End to end encryption, focus on security. Install is done by piping a script
you wget to bash.

~~~
sequoia
This same old boring, worn out comment? Let's just skip to the end, shall we?

A: omg you're piping curl to bash! so insecure!!

B: well wait a second, i) you can just curl the script & inspect it before
running it if you want ii) step-by-step install instructions still require
that you trust the source of the code and iii) how is installing a precompiled
binary any more secure? All scenarios short of personally auditing the source
code require you to trust someone.

A: Hmm ok well I guess so.

~the end~ This is how this conversation has gone down the last 5 times I saw
it. Can we please discuss the tool itself now?

------
Systemic33
I really liked the idea of registering through the CLI, really smoothly done!

Since you will probably iterate new versions fast and update, may I suggest
embedding an update checker into the program. Atleast until you get properly
setup in the different distro repo's.

------
lectrick
I submitted a pull request adding lots more security as well as BZIP2
compression for efficiency:

[https://github.com/abemassry/wsend-
gpg/pull/3](https://github.com/abemassry/wsend-gpg/pull/3)

------
kernel_sanders
I love how simple and relevant the idea is - great job!

------
dancecodes
AES256 ? its secure?

------
dancecodes
very cool - thanks

please provide ebuild and add to gentoo portage

