more htmx

Backend/src/main/resources/static/crypto.js

@@ -0,0 +1,28 @@
+async function encryptFile(arrayBuffer) {
+    const key = await crypto.subtle.generateKey(
+        { name: 'AES-GCM', length: 256 },
+        true,
+        ['encrypt', 'decrypt']
+    );
+
+    const iv = crypto.getRandomValues(new Uint8Array(12));
+
+    const ciphertext = await crypto.subtle.encrypt({ name: 'AES-GCM', iv }, key, arrayBuffer);
+
+    // Payload: 12-byte IV prepended to ciphertext
+    const payload = new Uint8Array(12 + ciphertext.byteLength);
+    payload.set(iv, 0);
+    payload.set(new Uint8Array(ciphertext), 12);
+
+    // SHA-256(rawKey) → file identifier sent to server; server never sees the key itself
+    const rawKey = await crypto.subtle.exportKey('raw', key);
+    const hash = Array.from(new Uint8Array(await crypto.subtle.digest('SHA-256', rawKey)))
+        .map(b => b.toString(16).padStart(2, '0'))
+        .join('');
+
+    // Base64url-encode key for URL fragment
+    const base64urlKey = btoa(String.fromCharCode(...new Uint8Array(rawKey)))
+        .replace(/\+/g, '-').replace(/\//g, '_').replace(/=/g, '');
+
+    return { payload, hash, base64urlKey };
+}