Add an option to password protect a file #104

New Issue

Closed

opened 2026-01-19 18:28:58 +00:00 by michael · 10 comments

michael commented 2026-01-19 18:28:58 +00:00

Owner

Copy Link

Originally created by @CodeCubeNeo on GitHub.

I think it would be awesome if we could restrict unknown users from even downloading a file (not just encryption). I think the easiest way is that if the uploader wants, he can set a password, and if the downloader wants to have that file, he should enter that password.

Originally created by @CodeCubeNeo on GitHub. I think it would be awesome if we could restrict unknown users from even downloading a file (not just encryption). I think the easiest way is that if the uploader wants, he can set a password, and if the downloader wants to have that file, he should enter that password.

michael closed this issue 2026-01-19 18:28:58 +00:00

michael commented 2026-01-19 18:28:59 +00:00

Author

Owner

Copy Link

@CodeCubeNeo commented on GitHub:

So 20 lenght is default for transfer.sh?

@CodeCubeNeo commented on GitHub: So 20 lenght is default for transfer.sh?

michael commented 2026-01-19 18:28:59 +00:00

Author

Owner

Copy Link

@CodeCubeNeo commented on GitHub:

I guess yes, but you can guess that (although nearly impossible). You can close this and thanks for taking the time to answer my question ;).

@CodeCubeNeo commented on GitHub: I guess yes, but you can guess that (although nearly impossible). You can close this and thanks for taking the time to answer my question ;).

michael commented 2026-01-19 18:28:59 +00:00

Author

Owner

Copy Link

@toastie89 commented on GitHub:

The 'password' is part of the URL in form of the random key, isn't it?

@toastie89 commented on GitHub: The 'password' is part of the URL in form of the random key, isn't it?

michael commented 2026-01-19 18:28:59 +00:00

Author

Owner

Copy Link

@paolafrancesca commented on GitHub:

@CodeCubeNeo

it's one of the example on the frontend:

# Encrypt files with password using gpg
$ cat /tmp/hello.txt|gpg -ac -o-|curl -X PUT --upload-file "-" https://transfer.sh/test.txt

# Download and decrypt
$ curl https://transfer.sh/FPbp5w/test.txt|gpg -o- > /tmp/hello.txt

@paolafrancesca commented on GitHub: @CodeCubeNeo it's one of the example on the frontend: ``` # Encrypt files with password using gpg $ cat /tmp/hello.txt|gpg -ac -o-|curl -X PUT --upload-file "-" https://transfer.sh/test.txt # Download and decrypt $ curl https://transfer.sh/FPbp5w/test.txt|gpg -o- > /tmp/hello.txt ```

michael commented 2026-01-19 18:28:59 +00:00

Author

Owner

Copy Link

@toastie89 commented on GitHub:

For me the 6 characters also feel a bit short. I run an own instance of transfer.sh and set random-token-length to 20.

@toastie89 commented on GitHub: For me the 6 characters also feel a bit short. I run an own instance of transfer.sh and set `random-token-length` to 20.

michael commented 2026-01-19 18:28:59 +00:00

Author

Owner

Copy Link

@toastie89 commented on GitHub:

So 20 lenght is default for transfer.sh?

No, this is what I've set for my own installation. The default is 6.

@toastie89 commented on GitHub: > So 20 lenght is default for transfer.sh? No, this is what I've set for my own installation. The default is 6.

michael commented 2026-01-19 18:28:59 +00:00

Author

Owner

Copy Link

@paolafrancesca commented on GitHub:

fixed in #162 162

@paolafrancesca commented on GitHub: fixed in #162 162

michael commented 2026-01-19 18:28:59 +00:00

Author

Owner

Copy Link

@CodeCubeNeo commented on GitHub:

maybe change deafult to 10 or more? Just an idea.

@CodeCubeNeo commented on GitHub: maybe change deafult to 10 or more? Just an idea.

michael commented 2026-01-19 18:28:59 +00:00

Author

Owner

Copy Link

@CodeCubeNeo commented on GitHub:

Great. always better to change security for the better over 4 characters (possible combos rise from 36^6 to 36^10 (36 is the number of possible characters only alphanumeric) which is quite a lot). Math is probably not right, but I still threw it there.

@CodeCubeNeo commented on GitHub: Great. always better to change security for the better over 4 characters (possible combos rise from 36^6 to 36^10 (36 is the number of possible characters only alphanumeric) which is quite a lot). Math is probably not right, but I still threw it there.

michael commented 2026-01-19 18:28:59 +00:00

Author

Owner

Copy Link

@paolafrancesca commented on GitHub:

maybe change deafult to 10 or more? Just an idea.

I will do

@paolafrancesca commented on GitHub: > maybe change deafult to 10 or more? Just an idea. I will do

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

dependabot/go_modules/golang.org/x/crypto-0.45.0

dependabot/go_modules/golang.org/x/net-0.38.0

revert-646-main

dependabot/go_modules/golang.org/x/oauth2-0.27.0

check-ci-20241026

aspacca-patch-1

seed-rand

fix-basic-auth

fix-header-map-change-after-writeheader-call

issue-503

issue-487

gpg-encryption-support

lint-accept-range

bump-min-go-version-and-include-tip

accept-range

local-google-fonts

parallel-range-requests

issue-485

sb/storj-bump

fix-perform-clamav-prescan

revert-389-clamav-prescan

clamav-prescan

changes-in-front-end

ISSUE-440

revert-422-main

master

golint

ISSUE-398

multiple-fixes

ISSUE-382-take2

ISSUE-382

fix-workflows

fixes-20210521

ISSUE-371

ISSUE-38-WEB

ISSUE-313

ISSUE-296

fuzz

BINARY-RELEASES

ISSUE-256

v1.6.1

v1.6.0

v1.5.0

v1.4.0

v1.3.1

v1.3.0

v1.2.6

v1.2.4

v1.2.3

v1.2.2

v1.2.1

v1.2.0

v1.1.7

v1.1.6

v1.1.5

v1.1.4

v1.1.3

v1.1.2

v1.1.1

v1.1.0

v1.0.0

Labels

Clear labels

bug

docker

enhancement

hacktoberfest

help wanted

invalid

question

storage provider

No Label

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

michael

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: dutchcoders/transfer.sh#104