
Chapter 1 Overview & Security Scope

This chapter defines the whitepaper purpose, normative language, and terminology, and states FileBolt's security objectives and boundary conditions. Clear separation of in-scope and out-of-scope risks prevents misunderstandings about what the system can guarantee.

Document metadata

Whitepaper version: v1.0
Last updated: 2026-01-14


1.0 Purpose

  • Describe FileBolt's security design and trust boundaries for users and auditors.
  • Explain how confidentiality and integrity are protected across upload, storage, and download.
  • Provide verifiable evidence links and Claim IDs for review and reproducibility.

1.1 Normative language & terms

  • Normative keywords: MUST / SHOULD / MAY (RFC 2119-style usage).
  • CEK: Content Encryption Key; 16 bytes (128-bit); one per file.
  • E2EE / Zero-knowledge: encryption and decryption occur on the client; the server handles only ciphertext and public parameters and MUST NOT obtain CEK.
  • transferId / fileId / chunkIndex: identifiers for the transfer, the file, and the chunk's position within the file.
  • manifest: public parameters needed to download/assemble/decrypt (e.g., cryptoVersion, chunkSize, mapping); MUST NOT contain CEK.
  • Short-lived access token: server-side session token (lookup-based) used to authorize ciphertext/manifest access; expires by design.

1.2 Security objectives

  • Confidentiality: the server MUST NOT be able to decrypt user content under the zero-knowledge model.
  • Integrity: tampering MUST be detected; AEAD authentication failure MUST fail closed.
  • Access control: ciphertext access MUST be protected by scoped, expiring tokens; senders MUST be able to revoke.
  • Auditability: provide minimal, sender-visible delivery evidence while minimizing sensitive data exposure.

1.3 In scope

  • Zero-knowledge/E2EE boundary and key handling (URL fragment model).
  • Chunked encryption and authentication parameters (cryptoVersion=v1).
  • Token-based authorization for upload/download and manifest retrieval; revocation semantics.
  • Web security baseline for download/decrypt pages (CSP, no third-party scripts).

1.4 Out of scope

  • Compromised endpoints: malware, malicious browser extensions, or rooted devices.
  • User-intentional link leakage, social engineering, or misconfiguration.
  • Content scanning on the server side (incompatible with strict zero-knowledge content protection).