Title: Asynchronous secure file transfer with nncp
Author: Solène
Date: 04 October 2024
Tags: privacy security network unix
Description: In this blog post, you will learn about the software nncp
and how to use it to exchange encrypted data with peers
# Introduction
nncp (node to node copy) is a software to securely exchange data
between peers. Is it command line only, it is written in Go and
compiles on Linux and BSD systems (although it is only packaged for
FreeBSD in BSDs).
The website will do a better job than me to talk about the numerous
features, but I will do my best to explain what you can do with it and
how to use it.
HTML nncp official project website
# Explanations
nncp is a suite of tools to asynchronously exchange data between peers,
using zero knowledge encryption. Once peers have exchanged their
public keys, they are able to encrypt data to send to this peer, this
is nothing really new to be honest, but there is a twist.
* a peer can directly connect to another using TCP, you can even
configure different addresses like a tor onion or I2P host and use the
one you want
* a peer can connect to another using ssh
* a peer can generate plain files that will be carried over USB,
network storage, synchronization software, whatever, to be consumed by
a peer. Files can be split in chunks of arbitrary size in order to
prevent anyone snooping from figuring how many files are exchanged or
their name (hence zero knowledge).
* a peer can generate data to burn on a CD or tape (it is working as a
stream of data instead of plain files)
* a peer can be reachable through another relay peer
* when a peer receives files, nncp generates ACK files
(acknowledgement) that will tell you they correctly received it
* a peer can request files and/or trigger pre-configured commands you
expose to this peer
* a peer can send emails with nncp (requires a specific setup on the
email server)
* data transfer can be interrupted and resumed
What is cool with nncp is that files you receive are unpacked in a
given directory and their integrity is verified. This is sometimes
more practical than a network share in which you are never sure when
you can move / rename / modify / delete the file that was transferred
to you.
I identified a few "realistic" use cases with nncp:
* exchange files between air gap environments (I tried to exchange
files over sound or QR codes, I found no reliable open source solution)
* secure file exchange over physical medium with delivery notification
(the medium needs to do a round-trip for the notification)
* start a torrent download remotely, prepare the file to send back once
downloaded, retrieve the file at your own pace
* reliable data transfer over poor connections (although I am not sure
if it beats kermit at this task :D )
* "simple" file exchange between computers / people over network
This let a lot of room for other imaginative use cases.
# Real world example: Syncthing gateway
My preferred workflow with nncp that I am currently using is a group of
three syncthing servers.
Each syncthing server is running on a different computer, the location
does not really matter. There is a single share between these
syncthing instances.
The servers where syncthing are running have incoming and outgoing
directories exposed over a NFS / SMB share, with a directory named
after each peer in both directories. Deposing a file in the "outgoing"
directory of a peer will make nncp to prepare the file for this peer,
put it into the syncthing share and let it share, the file is consumed
in the process.
In the same vein, in the incoming directory, new files are unpacked in
the incoming directory of emitting peer on the receiver server running
syncthing.
Why is it cool? You can just drop a file in the peer you want to send
to, it disappears locally and magically appears on the remote side. If
something wrong happens, due to ACK, you can verify if the file was
delivered and unpacked. With three shares, you can almost have two
connected at the same time.
It is a pretty good file deposit that requires no knowledge to use.
This could be implemented with pure syncthing, however you would have
to:
* for each peer, configure a one-way directory share in syncthing for
each other peer to upload data to
* for each peer, configure a one-way directory share in syncthing for
each other peer to receive data from
* for each peer, configure an encrypted share to relay all one way
share from other peers
This does not scale well.
Side note, I am using syncthing because it is fun and requires no
infrastructure. But actually, a webdav filesystem, a Nextcloud drive
or anything to share data over the network would work just fine.
# Setup
## Configuration file and private keys
On each peer, you have to generate a configuration file with its
private keys. The default path for the configuration file is
`/etc/nncp.hjson` but nothing prevents you from storing this file
anywhere, you will have to use the parameter `-cfg /path/to/config`
file in that case.
Generate the file like this:
```
nncp-cfgnew > /etc/nncp.hjson
```
The file contains comments, this is helpful if you want to see how the
file is structured and existing options. Never share the private keys
of this file!
I recommend checking the spool and log paths, and decide which user
should use nncp. For instance, you can use `/var/spool/nncp` to store
nncp data (waiting to be delivered or unpacked) and the log file, and
make your user the owner of this directory.
## Public keys
Now, generate the public keys (they are just derived from the private
keys generated earlier) to share with your peers, there is a command
for this that will read the private keys and output the public keys in
a format ready to put in the nncp.hjson file of recipients.
```
nncp-cfgmin > my-peer-name.pub
```
You can share the generated file with anyone, this will allow them to
send you files. The peer name of your system is "self", you can rename
it, it is just an identifier.
## Import public keys
When import public keys, you just need to add the content generated by
the command `nncp-cfgmin` of a peer in your nncp configuration file.
Just copy / paste the content in the `neigh` structure within the
configuration file, just make sure to rename "self" by the identifier
you want to give to this peer.
If you want to receive data from this peer, make sure to add an
attribute line `incoming: "/path/to/incoming/data"` for that peer,
otherwise you will not be able to unpack received file.
# Usage
Now you have peers who exchanged keys, they are able to send data to
each other. nncp is a collection of tools, let's see the most common
and what they do:
* nncp-file: add a file in the spool to deliver to a peer
* nncp-toss: unpack incoming data (files, commands, file request,
emails) and generate ack
* nncp-reass: reassemble files that were split in smaller parts
* nncp-exec: trigger a pre-configured command on the remote peer, stdin
data will be passed as the command parameters. Let's say a peer offers
a "wget" service, you can use `echo "https://some-domain/uri/" |
nncp-exec peername wget` to trigger a remote wget.
If you use the client / server model over TCP, you will also use:
* nncp-daemon: the daemon waiting for connections
* nncp-caller: a daemon occasionally triggering client connections (it
works like a crontab)
* nncp-call: trigger a client connection to a peer
If you use asynchronous file transfers, you will use:
* nncp-xfer: generates to / consumes files from a directory for async
transfer
# Workflow (how to use)
## Sending files
For sending files, just use `nncp-file file-path peername:`, the file
name will be used when unpacked, but you can also give the filename you
want to give once unpacked.
A directory could be used as a parameter instead of a file, it will be
stored automatically in a .tar file for delivery.
Finally, you can send a stream of data using nncp-file stdin, but you
have to give a name to the resulting file.
## Sync and file unpacking
This was not really clear from the documentation, so here it is how to
best use nncp when exchanging files using plain files, the destination
is `/mnt/nncp` in my examples (it can be an external drive, a syncthing
share, a NFS mount...):
When you want to sync, always use this scheme:
1. `nncp-xfer -rx /mnt/nncp`
2. `nncp-toss -gen-ack`
3. `nncp-xfer -keep -tx -mkdir /mnt/nncp`
4. `nncp-rm -all -ack`
This receives files using `nncp-xfer -rx`, the files are stored in nncp
spool directory. Then, with `nncp-toss -gen-ack`, the files are
unpacked to the "incoming" directory of each peer who sent files, and
ACK are generated (older versions of `nncp-toss` does not handle ack,
you need to generate ack befores and remove them after tx, with
`nncp-ack -all 4>acks` and `nncp-rm -all -pkt < acks`).
`nncp-xfer -tx` will put in the directory the data you want to send to
peers, and also the ack files generated by the rx which happened
before. The `-keep` flag is crucial here if you want to make use of
ACK, with `-keep`, the sent data are kept in the pool until you receive
the ACK for them, otherwise the data are removed from the spool and
will not be retransmited if the files were not received. Finally,
`nncp-rm` will delete all ACK files so you will not transmit them
again.
# Explanations about ACK
From my experience and documentation reading, there are three cases
with the spool and ACK:
* the shared drive is missing the files you sent (that are still in
pool), and you received no ACK, the next time you run `nncp-xfer`, the
files will be transmitted again
* when you receive ACK files for files in spool, they are deleted from
the spool
* when you do not use `-keep` when sending files with `nncp-xfer`, the
files will not be stored in the spool so you will not be able to know
what to retransmit if ACK are missing
ACKs do not clean up themselves, you need to use `nncp-rm`. It took me
a while to figure this, my nodes were sending ACKs to each other
repeatedly.
# Conclusion
I really like nncp as it allows me to securely transfer files between
my computers without having to care if they are online. Rsync is not
always possible because both the sender and receiver need to be up at
the same time (and reachable correctly).
The way files are delivered is also practical for me, as I already
shared above, files are unpacked in a defined directory by peer,
instead of remembering I moved something in a shared drive. This
removes the doubt about files being in a shared drive: why is it there?
Why did I put it there? What was its destination??
I played with various S3 storage to exchange nncp data, but this is for
another blog post :-)
# Going further
There are more features in nncp, I did not play with all of them.
You can define "areas" in parallel of using peers, you can use emails
notifications when a remote receives data from you to have a
confirmation, requesting remote files etc... It is all in the
documentation.
I have the idea to use nncp on a SMTP server to store encrypted
incoming emails until I retrieve them (I am still working at improving
the security of email storage), stay tuned :)