Secure P2P file sharing with automatic device discovery
A local network file sharing system that combines the ease of AirDrop with the security of SSH
- Discovery Layer (UDP Broadcast)
  - Devices broadcast presence on LAN (255.255.255.255:9000)
  - Includes: device name, service port, shared folders, public key fingerprint
  - Auto-pruning of offline devices
- Security Layer (Ed25519 PKI)
  - Each device has unique keypair (generated on first launch)
  - Challenge-response authentication for all file transfers
  - Thread-safe trust store in ~/.concorde/trusted_peers
- Transport Layer (HTTP over TCP)
  - File streaming via HTTP server
  - Endpoints: /catalog, /download/{folder}/{file}, /upload
  - Only serves to trusted devices
```bash
# macOS
brew install libsodium cmake
# Ubuntu/Debian
sudo apt install libsodium-dev cmake build-essential
# Termux (Android)
pkg install libsodium cmake clang
```
```bash
git clone https://github.com/Domains18/concorde.git
cd concorde
mkdir build && cd build
cmake ..
make
```
```bash
# Test crypto layer
./test_crypto
# Run daemon
./concorde
```
On first launch, Concorde will:
- Generate an Ed25519 keypair (~/.concorde/device.key, device.pub)
- Start broadcasting device presence
- Listen for other devices
- Show pairing prompts when new devices are found
When a new device is discovered, you'll see:
```
╔════════════════════════════════════════╗
║ 🔐 New Device Wants to Connect ║
╚════════════════════════════════════════╝
Device: MacBook-Pro
Fingerprint: SHA256:a3f2c9e8b1d4
Trust this device? [y/n]:
```
Type y to approve. Future connections from this device will auto-authenticate.
Create ~/.concorde/config.json:
```json
{
  "shares": {
    "work": "/home/user/Documents/work",
    "media": "/mnt/storage/movies"
  },
  "port": 8080
}
```
Restart Concorde. Other trusted devices will see "work" and "media" in their file browser.
Trust On First Use (TOFU):
- Like SSH, you manually approve devices the first time
- Public key fingerprints prevent impersonation
- All subsequent connections auto-authenticate
Challenge-Response:
```
Client → Server: "I want /file.mp4"
Server → Client: random_nonce
Client → Server: signature(nonce + pubkey)
Server: Verifies signature → Serves file
```
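The challenge-response flow above, combined with the TOFU trust check, as an added example written with Go's standard library (it is not Concorde's own C++/libsodium code). The fingerprint format, the 32-byte nonce, the in-memory trust store and all function names are assumptions made for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Fingerprint uses an assumed format: "SHA256:" plus the hex SHA-256 of the raw public key.
func Fingerprint(pub ed25519.PublicKey) string {
	return fmt.Sprintf("SHA256:%x", sha256.Sum256(pub))
}

// Server is the serving device: a TOFU trust store plus nonces issued but not yet used.
type Server struct{ trusted, pending map[string]bool }
func NewServer() *Server { return &Server{map[string]bool{}, map[string]bool{}} }

// Trust records a key after the user answers "y" at the pairing prompt.
func (s *Server) Trust(pub ed25519.PublicKey) { s.trusted[Fingerprint(pub)] = true }

// Challenge hands out a fresh 32-byte random nonce and remembers it for one use.
func (s *Server) Challenge() []byte {
	nonce := make([]byte, 32)
	if _, err := rand.Read(nonce); err != nil {
		panic(err)
	}
	s.pending[string(nonce)] = true
	return nonce
}

// Respond is the client side: sign nonce || pubkey with the device private key.
func Respond(priv ed25519.PrivateKey, nonce []byte) []byte {
	return ed25519.Sign(priv, append(append([]byte{}, nonce...), priv.Public().(ed25519.PublicKey)...))
}

// Verify serves only if the nonce is unused, the key is trusted and the signature checks out.
func (s *Server) Verify(pub ed25519.PublicKey, nonce, sig []byte) bool {
	ok := s.pending[string(nonce)] && len(pub) == ed25519.PublicKeySize && s.trusted[Fingerprint(pub)]
	delete(s.pending, string(nonce)) // single use: a replayed nonce is never pending again
	return ok && ed25519.Verify(pub, append(append([]byte{}, nonce...), pub...), sig)
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // constructed demo key, not a real device key
	s := NewServer()
	s.Trust(pub)
	n := s.Challenge()
	fmt.Println(s.Verify(pub, n, Respond(priv, n)), s.Verify(pub, n, Respond(priv, n))) // first use, then replay
}
```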
File Structure:
```
~/.concorde/
├── device.key (private key, chmod 600)
├── device.pub (public key, chmod 644)
├── trusted_peers (list of approved devices)
└── config.json (shared folders config)
```
- CRYPTO.md - Cryptography implementation details
- Architecture Overview - System design
Contributions welcome! This is a personal project for secure LAN file sharing.
MIT
```json
{
  "device_name": "MacBook",
  "ip": "192.168.1.100",
  "port": 8080,
  "fingerprint": "SHA256:a3f2c9...",
  "shares": ["work", "media"],
  "timestamp": 1234567890,
  "signature": "..."
}
```
- Fast - Faster than RSA for signing/verification
- Secure - 128-bit security level (equivalent to 3072-bit RSA)
- Small - 32-byte public keys, 64-byte signatures
- Modern - Resistant to timing attacks
- Widely supported - libsodium, OpenSSL 1.1+
- libsodium - Crypto primitives (Ed25519, SHA256, random)
- CMake - Build system
- C++17 - Modern C++ features (std::filesystem, etc.)
- AirDrop - Zero-config device discovery
- SSH - Public key authentication
- Syncthing - Decentralized file sync
- Magic Wormhole - Secure file transfer