How does sharing work?
When you send files, they are encrypted in your browser before being uploaded to our servers. With Trebuchet your files never leave your computer unencrypted.
Once encryption and upload are complete, you'll get a download link that you can share with your recipients.
Only if someone has the full link can they download and decrypt the file, and only before the link expires. So it’s important to make sure you only send the link to the intended recipient. Worst case: you can cancel the transfer at any point.
How does sharing work if you don't have any keys?
The full sharing link includes the file location and the decryption key. The key is generated and stored in your device's web browser, and is never sent to us.
Note that the encryption key is stored only in the browser you used to send the file - logging into Trebuchet with another browser or on another device won't get you existing transfers!
Can I apply additional controls?
With Trebuchet you can apply additional controls when uploading or requesting files. Depending on the version you have, you can also set:
- The number of times a file can be downloaded.
- How long the file is retained before it expires.
- A password required to decrypt files. This can be shared separately from the link.
- Email verification, which requires the named recipients to copy a code sent to their email.
When the file expires, either because the duration you set has elapsed or because the maximum number of downloads has been reached, it is automatically deleted from our servers.
How does requesting a file work?
As well as securely sending files, Trebuchet can also be used to request files and, as with sharing, the recipient of the request does not need a Trebuchet account.
To receive a file you generate an invitation request, which creates a unique link to be shared with the person who has the files to share with you. With the invitation link they can share files with you. Encryption is the same as for transfers you initiate.
When the sender has used the invitation link to share files with you, the files will be available in your Trebuchet inbox, and are decrypted using your key.
Is it secure?
At all points during a transfer, including when on our servers, the files are encrypted using keys that only you hold. Only you can view the details of files or invitations you have already shared. Once a file or invitation has expired, the keys in your browser are also removed. For those who want the gory details:
- The files are all end-to-end encrypted, using AES-256 in Galois Counter Mode (GCM).
- Encryption key derivation uses PBKDF2 and HKDF. AES key wrap is used to protect your local keys.
- When you send file sharing requests, the encryption keys are themselves encrypted using Elliptic Curve Diffie-Hellman (ECDH), using NIST curve P-384.
- Your browsing traffic is encrypted using TLS versions 1.2 or 1.3.
End-to-end encryption means that we cannot access your files; only your recipients can.
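The key protection listed above for file requests, as an added example using the browser Web Crypto API (not Trebuchet's own code): a sender wraps a fresh AES-256-GCM file key for the requester's P-384 public key, and only the matching private key can unwrap it. How the primitives are chained, the HKDF salt and info label, delivery of the public key with the invitation, and all function names are assumptions.

```javascript
// Added example: ECDH P-384 -> HKDF -> AES-KW wrap of an AES-256-GCM file key.
// The composition, zero salt and info label are assumptions, not Trebuchet's code.
const getCrypto = async () =>
  globalThis.crypto ?? (await import('node:crypto')).webcrypto;
const ecdhParams = { name: 'ECDH', namedCurve: 'P-384' };
const enc = new TextEncoder();

// Both sides derive the same key-wrapping key from their private key + peer public key.
async function deriveWrappingKey(subtle, privateKey, peerPublicKey) {
  const shared = await subtle.deriveBits(
    { name: 'ECDH', public: peerPublicKey }, privateKey, 384);
  const ikm = await subtle.importKey('raw', shared, 'HKDF', false, ['deriveKey']);
  return subtle.deriveKey(
    { name: 'HKDF', hash: 'SHA-384', salt: new Uint8Array(48),
      info: enc.encode('example-file-request-v1') }, // constructed label
    ikm, { name: 'AES-KW', length: 256 }, false, ['wrapKey', 'unwrapKey']);
}
// Sender: encrypt the file, then wrap its key for the requester's public key.
async function senderEncrypt(requesterPublicKey, plaintext) {
  const c = await getCrypto();
  const eph = await c.subtle.generateKey(ecdhParams, false, ['deriveBits']);
  const kek = await deriveWrappingKey(c.subtle, eph.privateKey, requesterPublicKey);
  const fileKey = await c.subtle.generateKey(
    { name: 'AES-GCM', length: 256 }, true, ['encrypt']);
  const iv = c.getRandomValues(new Uint8Array(12)); // fresh 96-bit nonce per file
  const ciphertext = await c.subtle.encrypt({ name: 'AES-GCM', iv }, fileKey, plaintext);
  const wrappedKey = await c.subtle.wrapKey('raw', fileKey, kek, 'AES-KW');
  return { ephemeralPublicKey: eph.publicKey, wrappedKey, iv, ciphertext };
}
// Requester: unwrap the file key using the private key held only in their browser.
async function requesterDecrypt(requesterPrivateKey, msg) {
  const c = await getCrypto();
  const kek = await deriveWrappingKey(c.subtle, requesterPrivateKey, msg.ephemeralPublicKey);
  const fileKey = await c.subtle.unwrapKey('raw', msg.wrappedKey, kek, 'AES-KW',
    { name: 'AES-GCM' }, false, ['decrypt']);
  return c.subtle.decrypt({ name: 'AES-GCM', iv: msg.iv }, fileKey, msg.ciphertext);
}
// Round trip on a constructed payload; an unrelated key pair must fail to unwrap.
async function demo() {
  const c = await getCrypto();
  const requester = await c.subtle.generateKey(ecdhParams, false, ['deriveBits']);
  const other = await c.subtle.generateKey(ecdhParams, false, ['deriveBits']);
  const msg = await senderEncrypt(
    requester.publicKey, enc.encode('constructed sample file contents'));
  const recovered = new TextDecoder().decode(
    await requesterDecrypt(requester.privateKey, msg));
  const wrongKeyRejected = await requesterDecrypt(other.privateKey, msg)
    .then(() => false, () => true);
  return { recovered, wrongKeyRejected, wrappedKeyBytes: msg.wrappedKey.byteLength };
}
```

A server that stores only `wrappedKey`, `iv`, `ciphertext` and the ephemeral public key cannot recover the file key, because AES-KW unwrapping fails its integrity check without the requester's private key.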
Is Trebuchet similar to Firefox Send?
Trebuchet was inspired by Firefox Send, but we've taken it much further.
Firefox Send was a great file sharing application from the Mozilla Foundation but, as explained on their blog, it had to be closed down as it was frequently being used for malicious purposes - primarily due to its anonymity. We've started with their approach, added authentication (thus removing the anonymity), built in more features, and improved security.
There are three source files in Trebuchet that have come from the original Firefox Send project. As per their license agreement, we have made these files available here.