In light of the recent Binance and Capital One hacks, I thought I'd share what I'm working on. It's tool that makes it easier for businesses to collect end-to-end encrypted documents. All s3 buckets only store PGP files so misconfiguration is less disastrous. If a business uploads their public key, then there's no data in the cloud to hack. I learned a lot of awesome JS tricks while working on this. All the encryption is done in the client's browser using OpenPGP.js (which I highly recommend).
I built out Pipefile (https://pipefile.com) as a one man operation. Bundle your PGP key into file upload forms to receive end-to-end encrypted files. Embed the upload forms into any html page to receive files without setting up any backend infrastructure.
Relaunching my product Pipefile after some initial feedback.
One of the biggest complaints I received was the friction required for sending file requests. Now you can register pipefile.com/yourname and share that link instead. Any files uploaded there will be encrypted with your PGP public encryption key in the uploader's browser before getting sent to the servers. You can then download the .gpg files and decrypt them locally using GnuPG, GPGTools, etc.
Hey Chris, thanks for taking a look. While the service is likely more useful to a business that is frequently collecting sensitive docs (financial, legal, etc), I'm working to make the product more useful for consumers who only have the occasional need (tax time is coming up soon). The idea is you'll be able to register pipefile.com/chris and "pipe" uploads directly to your dropbox or other cloud provider. That way you can set it up and just share the static link with your accountant, lawyer, etc.
Re: Pipe File vs Pipefile, all my legal docs are Pipefile but branding is a bit inconsistent. I like the look of Pipe File but will likely change it for consistency sake.