Files are encrypted on your device before being uploaded to Nafue's secure cloud, thus guaranteeing complete security and anonymity. Only the uploader knows the real contents of the encrypted document. The encryption used is the same as that authorized for securing US Government "Top Secret" documents. It is estimated to take 30 years to break each file secured with this encryption.
Files are encrypted with 256-bit AES encryption. The cipher uses a PBKDF2-derived key generated from a password entered at the time of upload. The password exists only client side, during entry; it is never transmitted or saved. The Salt and IV (Initialization Vector) are stored separately from the encrypted file in a secured database that is cleared upon file retrieval.
The encrypted data is uploaded to Nafue's private cloud, where it is further anonymized through a randomly generated link and given a lifespan of 24 hours. The link can be shared with anyone but, like the file, it only lasts 24 hours. Furthermore, after the first time the link is accessed, both the file and link are completely deleted and purged from the Nafue private cloud, thus guaranteeing that only a single person has access to the encrypted file.
It is mathematically improbable that the one-time link could be discovered or intercepted by an attacker. Regardless, the Nafue system protects against this in a couple of ways. First, the file is still encrypted, which would take the attacker a minimum of 30 years to break, so it is useless to them. Second, the intended receiver will receive an error when accessing the file, so they can take appropriate actions to secure themselves, or the sender, if needed.
To provide secure and high-performing access to the encrypted data, Nafue services utilize a Decoupled Double PUT Process to store the secure data. First, the Salt, IV, and MVD (Message Verification Data) are sent to the NAPI (Nafue API). NAPI generates the one-time access link and stores it in a secured database with the IV, Salt and MVD. NAPI then generates a pre-authorized upload request to Nafue's private Amazon S3 Vault. The NAPI returns both the one-time access link and the pre-authorized upload request to the client. The client uploads the encrypted data directly to the S3 Vault using the pre-authorized request. Finally, the one-time access link is displayed to the user for sharing.
The one-time download link is used to obtain the encrypted data, provided the link hasn't expired. At the time of download, the encrypted data is deleted and purged from the private Nafue Cloud. The downloader is then prompted for the original password used to encrypt the data during "protection". If the correct password is entered, the file is decrypted and made available for use.
This entire process was designed to protect the anonymity of both the uploader and downloader. Because encryption and decryption happen client side, Nafue services, like any potential attacker, have no way of viewing the actual file contents, thus providing plausible deniability to all parties involved.
The download process utilizes a Decoupled Double GET Process to acquire the secured data. Navigating to the one-time link initiates a request to the NAPI (Nafue API). NAPI verifies the one-time link and file. Provided the link and file haven't expired, the NAPI then generates a pre-authorized download request to Nafue's private Amazon S3 Vault. The pre-authorized download request, Salt, IV and MVD (Message Verification Data) are then returned to the client.
The client uses the pre-authorized download request to acquire the encrypted data before prompting the user for a password. Provided the user enters the same password used for encryption, the Salt and IV are used with the password to generate a PBKDF2-derived key to decrypt the data. The MVD is verified, and the file is decrypted. Upon decryption, the user is presented with the original file for use.
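The client-side half of the upload and download flows described above, as an added example that is not Nafue's own code. It assumes AES-256-GCM with the GCM authentication tag standing in for the MVD, PBKDF2-HMAC-SHA256 at 100,000 iterations, and a 16-byte salt and 12-byte IV; the page specifies none of these, and the names `protect` and `recover` are hypothetical.

```javascript
// Added illustration, not Nafue's code. Assumed: AES-256-GCM (tag = MVD),
// PBKDF2-HMAC-SHA256, 100,000 iterations, 16-byte salt, 12-byte IV.
const nodeCrypto = require("node:crypto");

const ITERATIONS = 100000; // assumed; the page gives no iteration count

// Password + salt -> 32-byte (256-bit) AES key. The password never leaves the client.
function deriveKey(password, salt) {
  return nodeCrypto.pbkdf2Sync(password, salt, ITERATIONS, 32, "sha256");
}

// Upload side: `meta` (salt, IV, MVD) is what would go to the API,
// `ciphertext` is what would go to object storage via the pre-authorized request.
function protect(password, plaintext) {
  const salt = nodeCrypto.randomBytes(16);
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv("aes-256-gcm", deriveKey(password, salt), iv);
  const ciphertext = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return { meta: { salt, iv, mvd: cipher.getAuthTag() }, ciphertext };
}

// Download side: re-derive the key from the password and the returned salt,
// verify the MVD, and decrypt. Returns a Buffer, or null if verification fails.
function recover(password, meta, ciphertext) {
  const key = deriveKey(password, meta.salt);
  const decipher = nodeCrypto.createDecipheriv("aes-256-gcm", key, meta.iv);
  decipher.setAuthTag(meta.mvd);
  try {
    return Buffer.concat([decipher.update(ciphertext), decipher.final()]);
  } catch (err) {
    return null; // wrong password, or ciphertext/metadata was modified
  }
}

// Constructed sample input, not real data.
const sample = Buffer.from("constructed sample file contents");
const { meta, ciphertext } = protect("correct horse", sample);
console.log(recover("correct horse", meta, ciphertext).toString());
console.log(recover("wrong password", meta, ciphertext)); // null
```

Under these assumptions a wrong password and a modified ciphertext are indistinguishable to the client: both fail MVD verification before any plaintext is released.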