Horizon Send is a secure file sharing service that uses zero-knowledge end-to-end encryption to protect your files.
Horizon Send uses libsodium-wrappers to encrypt files and associated metadata with AEAD XChaCha20-Poly1305 secret stream.
- Bob selects a file in the menu.
- Client grabs all the data about the file, such as contents, file name and mime-type.
- Client generates a random XChaCha20 secret stream key.
- Client hashes key with Argon2id13 with a cryptographically random salt.
- Client encrypts file data and metadata with the key.
- Client uploads the encrypted file and metadata to the server with the Argon2id13 hashed key for server-side validation.
- Client converts the key and salt to base64 and appends it to the download endpoint via URL fragment (which the browser does not send to the server).
- Bob copies the URL and sends it to Alice.
- Alice visits the URL and clicks "Download".
- Client grabs the key and salt from the URL fragment.
- Client hashes the key with Argon2id13 with the salt.
- Client requests the encrypted file and metadata from the server by passing along the hashed key.
- Client decrypts the file and metadata with the key.
- Client saves the file to disk.
Once you've created a project and installed dependencies with npm install (or pnpm install or yarn), start a development server:
npm run dev
# or start the server and open the app in a new browser tab
npm run dev -- --openTo create a production version of your app:
npm run buildYou can preview the production build with npm run preview.
To deploy your app, you may need to install an adapter for your target environment.