Show HN: ShareNova – Zero-knowledge file transfer with magic-byte scanning

2 points by HatemDabet about 2 hours ago | original post
Hi HN,

I'm a software engineer in IT support. I constantly need to transfer large log files and system images securely between machines. Existing tools either had size limits, required accounts, or lacked real encryption. So I built ShareNova.

How it works:

Live transfer: Server-relayed WebSocket streaming, chunked with bitfield tracking for automatic resume on disconnect. No account required.

Deferred storage: When the receiver is offline, files are chunked and encrypted client-side using AES-256-GCM (PBKDF2 key derivation, 200K iterations) before upload. The server only stores ciphertext. Keys never leave the browser.

Magic-byte file scanner: Every deferred file is scanned server-side by reading the first 16 bytes and comparing against known signatures. Detects disguised executables (MZ header in a .jpg), double extensions, and archives containing dangerous files. Results are shown as safety badges to the receiver.

In-browser preview: Images, video, audio, PDF, and code files can be previewed before download without breaking the security model.

The stack is Node.js + Express + ws, single-server, no external dependencies for the core transfer logic.

Try it: https://sharenova.io

I'd love feedback on the architecture and the scanning approach.
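For readers evaluating the scanning approach, here is a sketch of a 16-byte magic-number check with extension cross-checking. It is an added example, not ShareNova's code. The signature table, extension lists, finding names and function names are all assumptions, and it assumes the scanner is handed the first 16 plaintext bytes plus the original filename; the post does not say how the scan step obtains them alongside client-side encryption.

```javascript
// Added example. Signature table, extension lists and finding names are illustrative.
const SIGNATURES = [
  { type: 'exe', magic: [0x4d, 0x5a] },                    // "MZ" (DOS/PE)
  { type: 'elf', magic: [0x7f, 0x45, 0x4c, 0x46] },        // "\x7fELF"
  { type: 'jpg', magic: [0xff, 0xd8, 0xff] },
  { type: 'png', magic: [0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a] },
  { type: 'gif', magic: [0x47, 0x49, 0x46, 0x38] },        // "GIF8"
  { type: 'pdf', magic: [0x25, 0x50, 0x44, 0x46, 0x2d] },  // "%PDF-"
];
const EXEC_TYPES = new Set(['exe', 'elf']);
const EXEC_EXTS = new Set(['exe', 'dll', 'so', 'scr', 'bat', 'cmd', 'js', 'vbs', 'ps1']);
const DECOY_EXTS = new Set(['jpg', 'png', 'gif', 'pdf', 'txt', 'doc', 'docx']);
const EXT_ALIASES = { jpeg: 'jpg' };

// Match only the first 16 bytes; a header shorter than a signature never matches.
function detectType(head) {
  const bytes = head.subarray(0, 16);
  const hit = SIGNATURES.find(s =>
    bytes.length >= s.magic.length && s.magic.every((b, i) => bytes[i] === b));
  return hit ? hit.type : 'unknown';
}

function scanFile(filename, head) {
  // Leading-dot names such as ".bashrc" are treated as having no extension.
  const parts = filename.toLowerCase().split('.').filter(Boolean);
  const exts = parts.slice(1).map(e => EXT_ALIASES[e] || e);
  const claimed = exts.length ? exts[exts.length - 1] : '';
  const detected = detectType(head);
  const findings = [];
  if (EXEC_TYPES.has(detected)) {
    // Executable content under a non-executable extension is the "MZ in a .jpg" case.
    findings.push(!claimed || EXEC_EXTS.has(claimed) ? 'executable' : 'disguised-executable');
  } else if (detected !== 'unknown' && claimed && claimed !== detected) {
    findings.push('type-mismatch');
  }
  // "report.pdf.exe": a document-looking extension followed by an executable one.
  if (EXEC_EXTS.has(claimed) && exts.slice(0, -1).some(e => DECOY_EXTS.has(e))) {
    findings.push('double-extension');
  }
  return { detected, claimed, findings };
}

// Constructed sample headers (not captured from any real transfer).
const MZ_HEAD = Buffer.from([0x4d, 0x5a, 0x90, 0x00, 0x03, 0x00, 0x00, 0x00]);
const JPG_HEAD = Buffer.from([0xff, 0xd8, 0xff, 0xe0, 0x00, 0x10, 0x4a, 0x46]);
console.log(scanFile('holiday.jpg', MZ_HEAD));    // flagged as a disguised executable
console.log(scanFile('report.pdf.exe', MZ_HEAD)); // executable with a double extension
console.log(scanFile('photo.jpeg', JPG_HEAD));    // header and extension agree
```

A header match only shows what the file claims to be at offset 0; script types such as `.js` or `.bat` have no magic number, so they can only be caught by the extension checks.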