web one-time offer file securely

Project maintained by kisom Hosted on GitHub Pages — Theme by mattgraham

Web Onetime Offer File Securely

author: Kyle Isom

quick overview

python program behaving the same as the woof script written by Simon Budig but providing SSL encryption.

license: dual ISC / public domain license. see LICENSE.

what does it do? woofs allows you to quickly offer a file for download on your machine. it offers the ability to select the port and number of times the file can be downloaded before the HTTPS server shuts down (which defaults to 1).


how do i use it?

the simplest way is to use something like this:

./woofs.py --port 443 --downloads 2 file.tar.bz

this looks for a configuration file at ${HOME}/.config/woofs/config which should look something like:

cat ~/.config/woofs/config
key: /etc/ssl/private/server.key
cert: /etc/ssl/server.crt

you can also specify a configuration file using the --config option, or a key and certificate using --key and --cert to point to the files.

by default, woofs uses the internal LAN address (i.e. you can have it use your external IP address using --external.

you can also use gzip compression by using the --gzip (or -z).

the most likely cause of problems will be incorrect permissions - see the section on permissions below.

how do i generate ssl keys?

openssl genrsa -out ~/.woofs/server.key 2048
openssl req -new -key ~/.woofs/server.key -out ~/.woofs/server.csr

at this point you have two options -

  1. submit the certificate signature request to a trusted CA, who will give you a signed certificate in exchange for money, or
  2. self-sign your certificate. there are a number of security issues here but the easiest way around them is to have the end-user verify the SSL fingerprint.

if you choose to self-sign, at this point you would need to issue the following:

openssl x509 -req -days 365 -in ~/.woofs/server.csr \
  -signkey ~/.woofs/server.key -out ~/.woofs/server.crt

a note on file permissions

it is critical that ~/.woofs (or whatever folder you put the key in) must have secure permissions: i recommend the files inside have a mode of 0600, and the directory have the permissions of 0700.

Files need to have secure permissions; the private files (config and the private key) should be 0400 or 0600, while public files should be 644.