tkiFileVault

tkiFileVault

Secure file sharing service for confidential files larger than email capacity

← Back to Projects

Overview

tkiFileVault is a secure file sharing service that allows domain users to securely share files by emailing tkiFileVault@{domain} with recipient addresses. The system creates a transfer case, sends the admin an upload link, and after files are uploaded, sends download links to recipients.

Perfect for: Sharing large files, confidential documents, and time-sensitive transfers that exceed email size limits.

Security: Files are encrypted (AES-256-CBC), stored temporarily (24-hour expiry), and all storage paths are obfuscated.

Key Features

Email-Driven Workflow

Create cases by simply emailing tkiFileVault@{domain} with recipient addresses. No complex setup required.

Token-Based Security

Unique tokens per recipient—no PINs or passwords to remember. Each recipient gets their own secure link.

File Encryption

AES-256-CBC encryption with filename included. Files are encrypted at rest and during transfer.

Obfuscated Storage

All paths and filenames are hashed. Even system administrators cannot easily identify stored files.

Individual File Downloads

Files are downloaded individually, allowing recipients to select and download only the files they need.

Streaming Decryption

Files are decrypted on-the-fly during download. No decrypted files stored on disk.

Minimal Download Tracking

Basic download tracking is maintained for essential functionality. Privacy-focused design with intentionally minimal tracking.

Automatic Cleanup

Cases expire after 24 hours with summary email. Automatic deletion ensures no data retention beyond expiry.

Chunked Uploads

Handles files of any size through intelligent chunked transfer system. No file size limits.

How It Works

1. Create a Case

Email tkiFileVault@{domain} with recipient email addresses in the message body. The subject line is optional.

Example message body:

recipient1@example.com recipient2@example.com recipient3@example.com

2. Upload Files

The admin receives an email with an upload link. Click the link, select files, and upload. Files are stored individually and can be downloaded separately by recipients. The system handles files of any size through chunked transfers.

3. Recipients Download

Recipients automatically receive download links via email. Files are decrypted on-the-fly during download. Each download is tracked for audit purposes.

4. Automatic Expiry

After 24 hours, the case automatically expires. The admin receives a summary email with transfer details, download counts, and timestamps. All case files and data are securely deleted.

Security Considerations

  • Cryptographically Secure Tokens: All tokens are generated using secure random values
  • AES-256-CBC Encryption: Industry-standard encryption for file protection
  • PBKDF2 Key Derivation: Encryption keys derived using secure key derivation functions
  • Obfuscated Storage: Storage paths and filenames are hashed to prevent easy identification
  • No Decrypted Files: Files are never stored in decrypted form on disk
  • SQL Injection Prevention: All database queries use prepared statements
  • Directory Traversal Prevention: All file paths are validated to prevent directory traversal attacks
  • Time-Limited Access: 24-hour expiry ensures files are not retained indefinitely

Technical Details

tkiFileVault is built with modern web technologies:

  • Backend: PHP 8.2+ with SQLite database
  • File Transfer: Go WebSocket service for high-performance chunked uploads
  • Client Processing: WebAssembly module for efficient browser-side operations
  • Email Integration: IMAP email parsing for case creation
  • Encryption: AES-256-CBC with PBKDF2 key derivation

Note: tkiFileVault is designed for internal use within a domain. Domain restriction ensures only authorized users can create cases via email.

Pricing & Platform Support

Self-Hosting License: $129/year

The listed price is for a self-hosting license, allowing you to run tkiFileVault on your own infrastructure.

Platform Support

  • Linux: Full support (tested on Debian 12)
  • Windows Server: Full support
  • macOS Server: Coming soon

tkiFileVault is designed to run on your own servers, giving you complete control over your data and infrastructure. The system requirements are minimal, making it suitable for deployment on a wide range of server environments.

Interested in tkiFileVault?

Contact us to set up a demo account and see how tkiFileVault can streamline your secure file sharing needs.

Contact Us →