by d-z-m 776 days ago
I looked around and couldn't find a description of the protocol by which two peers authenticate to each other/transfer files. Also, is the E2EE encryption referred to simply whatever is being used to encrypt the transport (DTLS/SRTP/etc.)? Or are you doing additional encryption/decryption of files?

Also I'm curious like others, does this only work if no NAT traversal is required? Or are you leveraging public STUN/TURN infrastructure?

2 comments

WebRTC it is: https://webrtc.org/

Yes, only the network layer encryption. No file encryption, as it will cost client browsers a lot in case of encrypting and then decrypting that at the other end.

I have written more about it here: https://dikshantraj2001.medium.com/nat-stun-turn-and-ice-466...

Currently, I am using the public STUN servers only. If the IPs are not reachable, it would show an error and won't work, as setting up a TURN server would mean the same as a third-party server saving the file and serving it over the network.

You can use https://npmjs.com/e2ee.js (disclaimer: I am the author) for basic end-to-end encryption in the browser (uses the Web Crypto API). It supports encrypting and decrypting a web stream as well, which you could use.

Ideally I would not have to trust the signalling server to ensure I'm transferring files to who I think I am[0]. Not as much of a knock against your project as a knock against WebRTC in general.

[0]: https://webrtchacks.com/webrtc-and-man-in-the-middle-attacks...
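
An added example for the concern raised in the comment above (not code from the thread or from the project): WebRTC binds the DTLS session to the peer's certificate through the `a=fingerprint` line in the SDP, and that SDP travels through the signalling server, so a client that does not want to trust the server can compare the fingerprint it received with one the peer shared over a separate channel. The function names and all SDP and fingerprint values are constructed; it assumes the peers have such a separate channel.

```javascript
// Added example. All SDP text and fingerprint values below are constructed.

// Collect every DTLS certificate fingerprint (a=fingerprint, RFC 8122) in an
// SDP blob, session-level or media-level, normalised to "hash HEX:HEX:...".
function extractFingerprints(sdp) {
  const re = /^a=fingerprint:(\S+) +([0-9a-f]{2}(?::[0-9a-f]{2})+) *$/i;
  const found = new Set();
  for (const line of String(sdp).split(/\r?\n/)) {
    const m = re.exec(line);
    if (m) found.add(`${m[1].toLowerCase()} ${m[2].toUpperCase()}`);
  }
  return [...found];
}

// Check the SDP relayed by the signalling server against the fingerprint the
// peer gave us over a separate channel. Fails closed: a missing fingerprint,
// or any fingerprint other than the expected one, rejects the session.
function verifyRemoteSdp(remoteSdp, expectedFingerprint) {
  const [expected] = extractFingerprints(`a=fingerprint:${expectedFingerprint}`);
  if (!expected) return { ok: false, reason: "malformed expected fingerprint" };
  const seen = extractFingerprints(remoteSdp);
  if (seen.length === 0) return { ok: false, reason: "no fingerprint in SDP" };
  if (seen.some((fp) => fp !== expected)) return { ok: false, reason: "fingerprint mismatch" };
  return { ok: true, reason: "fingerprint matches" };
}

// Constructed sample data: two 32-byte values standing in for SHA-256 digests.
const fakeDigest = (seed) =>
  Array.from({ length: 32 }, (_, i) => ((seed + i * 7) & 0xff).toString(16).padStart(2, "0")).join(":");
const bobFingerprint = `sha-256 ${fakeDigest(0x11)}`;   // what Bob read out to us
const relayFingerprint = `sha-256 ${fakeDigest(0xa0)}`; // a substituted certificate
const sdpWith = (fp) =>
  ["v=0", "o=- 1 2 IN IP4 127.0.0.1", "s=-", "t=0 0",
   "m=application 9 UDP/DTLS/SCTP webrtc-datachannel",
   "c=IN IP4 0.0.0.0", "a=setup:actpass", `a=fingerprint:${fp}`, "a=sctp-port:5000"].join("\r\n") + "\r\n";

console.log(verifyRemoteSdp(sdpWith(bobFingerprint), bobFingerprint.toUpperCase()));
console.log(verifyRemoteSdp(sdpWith(relayFingerprint), bobFingerprint));
```

In a browser the text to check would be `pc.remoteDescription.sdp`, where `pc` is a hypothetical `RTCPeerConnection`, and the check belongs before any file data is sent on the data channel.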

Has anyone considered a passphrase that splits into three words, where the middle server can decrypt one word and deliver a word and get a response then provide the whole phrase three words to prove it is the messenger that Bob sent?

Or something like that?

It's WebRTC, no?

Yes, it is using WebRTC. Will open source the repo soon. BTW, all the information about it is in different threads.