brew tap ZinoKader/portal
brew install portal
Either get the latest release and install it manually, or run
curl -s https://raw.githubusercontent.com/ZinoKader/portal/master/scripts/install.sh | bash
If you get "permission denied" when the script moves the files to /../bin, replace " | bash" with " | sudo bash".
(The script is in the repo, so you can check it out before you blindly trust it!)
portal is a fast and secure file transfer utility for sending files from one computer to any other computer. All communication beyond the initial client handshake is encrypted. If the sender and receiver can reach each other directly, the file transfer involves no servers. Otherwise the file transfer goes through a relay server which facilitates the connection, but sees none of the data.
Sending files and folders
The file transfer starts by invoking the command from the sender side:
portal send <file1> <file2> <folder1> <folder2> ...
The application will output a temporary password in the format 1-inertia-elliptical-celestial. The sender communicates this password to the receiver over some secure channel.
Receiving files and folders
The receiver would then issue the command:
portal receive 1-inertia-elliptical-celestial
The two clients will connect to each other and transfer the file(s)/folder(s).
Extra: hosting your own rendezvous/relay server
To make connection establishment possible, portal makes use of a rendezvous server. By default, a rendezvous server hosted at Digital Ocean is preconfigured, so you do not need to do anything. If you would like to host one on your own, build the server and start it with:
# specify port with -p or --port
portal-rendezvous --port 80
- End-to-end encryption using PAKE2 to negotiate a shared session-key
- Direct transfer of files if possible (e.g. sender and receiver are in the same local network)
- Fallback to a TURN-server (rendezvous-relay) for file transfer if the sender and receiver are behind NATs in different networks
- Parallel gzip compression of files for faster and more efficient transfer
The connection between the sender and the server is negotiated using an intermediary server called portal-rendezvous. The portal-rendezvous server is used to negotiate a secure encrypted channel while never seeing the contents of files nor the temporary password.
The communication works as follows:
- The sender application connects to the rendezvous-server
- The rendezvous-server allocates an id to the sender and sends it over websocket to the sender
- The sender outputs the password to the terminal, hashes the password and sends it to the rendezvous-server
- The receiver hashes the password (which has been communicated over some secure channel) and then sends it to the rendezvous-server
- When both the sender and the receiver have sent the hashed password to the rendezvous-server, the cryptographic exchange starts, during which the rendezvous-server relays messages from the sender to the receiver or vice versa
- Once the cryptographic exchange is done, every message sent by the sender and the receiver is encrypted, and the rendezvous-server cannot decrypt them
- Now two things can happen:
  - Either the sender and the receiver are behind the same NAT, in which case the file transfer will be directly between the sender and the receiver. In this case, the connection to the rendezvous-server will be closed
  - If they are not behind the same NAT, the transfer will fall back to go through the rendezvous-server, which will continue to relay encrypted messages until the file transfer is completed
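To make the "cryptographic exchange" step concrete, here is an added example (not portal's own code) of a SPAKE2-style password-authenticated key exchange over P-256, assumed here as an illustration of the kind of PAKE the feature list refers to. The function names, the blinding-point labels "M" and "N" and the mistyped password are constructed for this sketch, and the key derivation is simplified: a full protocol also hashes the transcript and confirms the key.

```go
package main

import (
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
	"math/big"
)

var c = elliptic.P256()

// blind returns w*B: B is hashed from label (constructed, not portal's), w from pw.
func blind(label, pw string) (x, y *big.Int) {
	for i := 0; x == nil; i++ { // try-and-increment until the hash is a valid x
		h := sha256.Sum256([]byte(fmt.Sprint(label, i)))
		x, y = elliptic.UnmarshalCompressed(c, append([]byte{2}, h[:]...))
	}
	w := sha256.Sum256([]byte(pw))
	return c.ScalarMult(x, y, w[:])
}

// msg returns the only value a side sends through the relay: k*G + w*B.
func msg(k []byte, label, pw string) (x, y *big.Int) {
	gx, gy := c.ScalarBaseMult(k)
	wx, wy := blind(label, pw)
	return c.Add(gx, gy, wx, wy)
}

// key strips the peer's blinding, k*(peer - w*B), and hashes the point (simplified).
func key(k []byte, px, py *big.Int, label, pw string) [32]byte {
	wx, wy := blind(label, pw)
	x, y := c.Add(px, py, wx, wy.Sub(c.Params().P, wy)) // -(x, y) = (x, P - y)
	kx, _ := c.ScalarMult(x, y, k)
	return sha256.Sum256(kx.Bytes())
}

// exchange runs both sides; true when sender and receiver derive the same key.
func exchange(sendPw, recvPw string) bool {
	k := make([]byte, 64) // ephemeral secrets: sender k[:32], receiver k[32:]
	rand.Read(k)
	Xx, Xy := msg(k[:32], "M", sendPw) // sender -> relay -> receiver
	Yx, Yy := msg(k[32:], "N", recvPw) // receiver -> relay -> sender
	return key(k[:32], Yx, Yy, "N", sendPw) == key(k[32:], Xx, Xy, "M", recvPw)
}

func main() {
	pw := "1-inertia-elliptical-celestial" // password format shown in the README
	fmt.Println(exchange(pw, pw), exchange(pw, "1-mistyped-elliptical-celestial"))
}
```

The relay only ever carries the two blinded points, so a receiver who was given the wrong password ends up with a different key and cannot decrypt anything that follows.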
This was initially a project made for the course IK2218 Protocols and Principles of the Internet. We often used similar tools in our day-to-day and wanted to make our own!
- Zino Kader
- Arvid Gotthard
- Anton Sederlin