Show HN: Kurpod – an encrypted OSS "container file" you can name vacation.jpg
(github.com)
1 points
by Tsarp
131 days ago
I built Kurpod: a self-hosted file vault that stores many files inside a single encrypted blob you can name like an innocent file (e.g., “vacation.jpg”). The twist: the same blob supports two passwords:

- Password #1 unlocks a decoy volume (harmless files)
- Password #2 unlocks a hidden volume (the real stuff)

Diagram:

  my_vacation.jpg (really an encrypted blob)
  ├─ pw1 → standard volume (decoy)
  └─ pw2 → hidden volume (real)

Important: this is filename disguise, not steganography / real file-format mimicry. If someone runs `file`, it won’t look like a JPEG.

Crypto primitives: Argon2id for KDF + XChaCha20-Poly1305 for encryption.

Quick start (Docker):

  docker run -p 3000:3000 -e BLOB_DIR=/data -v ./data:/data ghcr.io/srv1n/kurpod-server:latest
  open http://localhost:3000

Demo video: https://github.com/user-attachments/assets/d47b10cf-c38e-47e...

It’s an early release (expect bugs / not audited). I’d love feedback on:

1) threat model: what this protects well vs. where it’s weak
2) plausible-deniability ergonomics: what user mistakes would ruin the “decoy” story?
3) file format / crypto review: anything obviously dumb or dangerous?
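
The `file` caveat in the post, seen from an examiner's side, as an added example that is not part of the original post or Kurpod's code: a signature-versus-extension check followed by an entropy test. The function names, the 7.9 bits/byte threshold and the sample bytes are assumptions constructed for illustration; Kurpod's on-disk format is not described in the post.

```python
import hashlib
import math
from collections import Counter

# Leading magic bytes for a few extensions (well-known signatures).
MAGIC = {
    ".jpg": b"\xff\xd8\xff",
    ".jpeg": b"\xff\xd8\xff",
    ".png": b"\x89PNG\r\n\x1a\n",
    ".pdf": b"%PDF-",
}

def shannon_entropy(data: bytes) -> float:
    """Bits per byte; close to 8.0 for ciphertext or compressed data."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def check_disguise(filename: str, data: bytes, threshold: float = 7.9) -> str:
    """Compare what the file name claims with what the content shows."""
    ext = "." + filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    magic = MAGIC.get(ext)
    if magic is None:
        return "unknown-extension"
    if data.startswith(magic):
        return "consistent"
    # Real JPEGs are high-entropy too, so entropy only means something
    # once the signature has already failed to match the extension.
    if shannon_entropy(data) >= threshold:
        return "mismatch-high-entropy"
    return "mismatch"

def constructed_blob(size: int = 65536) -> bytes:
    """Constructed stand-in for an encrypted blob: deterministic
    pseudo-random bytes (SHA-256 in counter mode), NOT Kurpod's format."""
    return b"".join(hashlib.sha256(i.to_bytes(8, "big")).digest()
                    for i in range(size // 32))

# Constructed sample: JPEG/JFIF header bytes followed by padding.
CONSTRUCTED_JPEG = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + b"\x00" * 64

if __name__ == "__main__":
    print(check_disguise("holiday.jpg", CONSTRUCTED_JPEG))
    print(check_disguise("vacation.jpg", constructed_blob()))
```

A renamed blob of uniformly random-looking bytes lands in the `mismatch-high-entropy` bucket, which is the point of the post's warning: the name alone does not survive a content check.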