Uploading a file

A file upload proceeds in the following steps

  1. Check filename is valid and free

  2. Create a transaction file with a plan for the upload

  3. Generate a stream secret for the file (32 random bytes) which is stored in the encrypted file metadata

  4. For every section of the file which is up to 5 MiB:

    • Pad plaintext to a multiple of 4096 bytes.
    • Encrypt the padded 5 MiB file section with a random symmetric key
    • Split the cipher text into 1 MiB fragments
    • Create a FileAccess cryptree node with merkle links to all the resulting fragments
    • Add the FileAccess to the champ of the writing key pair (under a random 32 byte label for initial chunks, or sha256(stream secret + previous label))
  5. Add a cryptree link from the parent directory to the file

  6. Delete the transaction file

A modification, such as uploading a file, can be done through any Peergos server as the writes are proxied through an ipfs p2p stream to the owner's storage ipfs node.