From version 0.2, MegaUploader allows you to enter a "Pre-Shared Key" when uploading, and from version 0.6 it allows you to enter up to 2 "Key Watermarks".
This article explains what these concepts are and how you can use them.
Introduction
MEGA file links have the following structure: ! + FileID + ! + FileKey (44 characters).
If you don't have the FileKey, you can still try to download the file (because you have the FileID), but the file content and name can't be retrieved: they are encrypted with the FileKey!
[Technical information, skip this paragraph if you don't understand]
The FileKey is a (modified) Base64 text string; that is, each character can be A-Z, a-z, 0-9, or one of the two characters "-" and "_". We say modified because "formal" Base64 encoding uses "+" and "/" instead of "-" and "_", and puts "=" at the end of the string if necessary. Each Base64 character represents 6 bits of information, so the 44 characters represent a key of 256 bits (44 * 6 is a little more, 264, but only 256 bits are used), that is, 32 bytes.
The FileKey is generated randomly each time you upload a file. When uploading, a hash (if you don't know what a hash is, think of it as something like a "signature") is calculated from the file content, and this hash is appended to the FileKey (that hash is called the "CBC MAC"). The hash is inserted in the middle and at the end of the FileKey, so if you divide the FileKey in 4 (more or less 11 characters each chunk), the first and third chunks are the original key, and the second and fourth chunks contain the hash.
If you know the original key but don't have the hash (CBC MAC), you will be able to download the file, but the MEGA webpage will display a Decryption Error because the hash can't be verified.
Key Watermarks
We have said that the hash is contained in the second and fourth chunks of the FileKey. This hash is calculated during the upload process and involves a cryptographic ciphering of the file content. For that reason the hash depends on the file: each file will have a different hash and we can't predict its value.
However, we can predict the value of the first and third chunks of the FileKey. You can modify their value and put whatever you want!
For that reason, you can insert up to 2 "Key Watermarks" in MegaUploader: one at the beginning of the key, and another one at the third position. You can only use some basic characters in a Watermark: alphabetical letters, numbers, and the "-" and "_". You can't use @, slashes, or other signs.
For example, this file was uploaded using Key Watermarks: the first one is "0123456789" and the second one is "9876543210":
https://mega.co.nz/#!OFEQ0Y4Z!0123456789wVrs6n7Jyx8-9876543210nkI8MA5Gf4g
If you don't specify any Key Watermark, the FileKey will be generated randomly. But if you specify one, that text will appear in the FileKey!
So, to sum up, the Watermark allows you to specify the first and third chunks of the FileKey and put your personalised text there.
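The link layout from the Introduction and the watermark positions described above can be checked with a short script. This is an added example, not code from MegaUploader or MEGA; the function names and the second link are constructed for illustration, and the chunk boundaries follow the article's four-way split of the encoded key.

```python
import base64
import os
import re

# Link layout from the article: "#!" + FileID + "!" + FileKey (key may be absent).
LINK_RE = re.compile(r"#!([A-Za-z0-9_-]+)(?:!([A-Za-z0-9_-]+))?$")

def parse_link(url):
    """Return (file_id, file_key); file_key is None for a FileID-only link."""
    m = LINK_RE.search(url)
    if m is None:
        raise ValueError("not a MEGA file link")
    return m.group(1), m.group(2)

def decode_key(file_key):
    """Decode the modified Base64 key ("-", "_", no "=" padding) to 32 bytes."""
    raw = base64.urlsafe_b64decode(file_key + "=" * (-len(file_key) % 4))
    if len(raw) != 32:
        raise ValueError("FileKey does not decode to 256 bits")
    return raw

def split_chunks(file_key):
    """Split the encoded key into the four chunks the article describes."""
    size = -(-len(file_key) // 4)  # ceiling division: about 11 characters each
    return [file_key[i:i + size] for i in range(0, len(file_key), size)]

def shared_watermarks(urls):
    """Text shared at the start of chunk 1 and of chunk 3 across all links."""
    chunks = [split_chunks(parse_link(u)[1]) for u in urls]
    first = os.path.commonprefix([c[0] for c in chunks])
    third = os.path.commonprefix([c[2] for c in chunks])
    return first, third

def pinned_bits(*watermarks):
    """Bits of the encoded FileKey fixed by watermark text (6 per character)."""
    return sum(6 * len(w) for w in watermarks)

# The first link is the article's example; the second is constructed here to
# stand for another upload made with the same two watermarks.
LINKS = [
    "https://mega.co.nz/#!OFEQ0Y4Z!0123456789wVrs6n7Jyx8-9876543210nkI8MA5Gf4g",
    "https://mega.co.nz/#!EXAMPLE0!0123456789Qk3_Zt0aLmPw9876543210dX7-b2RrTe8",
]

if __name__ == "__main__":
    wm = shared_watermarks(LINKS)
    total = 8 * len(decode_key(parse_link(LINKS[0])[1]))
    print(wm, pinned_bits(*wm), "of", total, "bits are fixed text")
```

Run on the two links, it recovers both watermarks from the keys alone and shows how many bits of each FileKey are the same predictable text in every upload.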
Pre-Shared Keys
A Pre-Shared Key is the opposite concept of the Watermark.
With the Watermark you specify the final value of the FileKey, after the hash calculation.
With a Pre-Shared Key you specify the original value of the FileKey, before the hash is calculated.
The purpose of a Pre-Shared Key is to allow sharing a link without the FileKey, only with the FileID. In that way you can share multiple links, all with a common password: the Pre-Shared Key.
When downloading the file with MegaDownloader, the program will calculate the FileKey from the Pre-Shared Key, and will be able to download and decrypt the file content.
As you can imagine, the hash value is lost - we don't have the FileKey! MegaDownloader will still be able to decrypt the content and download the file.
Of course, you can share the complete link with the FileKey as a normal link :) If you do, note that the FileKeys of all files will have a similar structure: the first and third parts of the password will be the same, and only the second and fourth parts will be different - because of the hash, which is unique to each file!
For example, consider this link:
https://mega.co.nz/#!yI00XQwY
You don't have the key, so you are unable to download it... now, open MegaDownloader, go to the Configuration, Pre-Shared Keys, and put "Lorem Ipsum" as a key. Save and try to download it.
You will be able to do it!
Security Concerns
At the beginning we said that the FileKey was generated randomly for each file.
Using the Pre-Shared Keys or the Key Watermarks, we generate a non-random FileKey: all the files using the Pre-Shared Keys will use the same password as the original "seed", and all the files using the Watermark will contain the same text in the FileKey. So the key to decrypt each one of these files is less secure than a unique, randomly created key! For that reason it is not recommended to use these features. Use them only if you really know what you are doing, and if security is not your main concern.
Conclusion
The MegaUploader Watermark feature allows you to specify the first and third chunks of the FileKey and put your personalised text there.
The Pre-Shared Key feature allows you to share only the link with the FileID, so users with the Pre-Shared Key will be able to download it using MegaDownloader, even if they don't have the FileKey.
These features reduce the FileKey security, so they should only be used when security is not a main concern. Otherwise, it is recommended not to use them.