Darkdrive – self-hosted encrypted cloud storage with split keys

Name: Darkdrive – self-hosted encrypted cloud storage with split keys
Availability: InStock
Author: plue-tech

by plue-tech·Apr 13, 2026·1 point·0 comments

Visit Project View on HN

AI Analysis

●MidSlickBold Bet

Split-key architecture enables file previews, but closed-source code undermines security claims.

Strengths

•Split-key design balances security with server-side preview generation enabling thumbnails.
•Single PHP deployment simplifies self-hosting on shared hosting providers.
•Encrypts filenames and directory structures, not just file contents.

Weaknesses

•Closed-source application code prevents independent security audits of the implementation.
•€99 annual license is expensive compared to free Nextcloud encryption apps.

Post Description

I built Darkdrive, a small self-hosted cloud storage app.

Files and filenames are encrypted with AES-256-GCM before hitting disk, so the filesystem contains only ciphertext.

The encryption key is not stored in one place on the server at rest. It’s split between: - a session share stored server-side - an encrypted cookie stored in the browser

Both parts are required to decrypt files. A compromised cookie or session file alone yields nothing.

The core encryption layer is published for review. The full application is not open source at this time. https://core.darkdrive.de/public/a7c3222a5c6e12bef0648266/cr...

I chose server-side encryption over fully client-side systems to keep it simple to host while still allowing features like previews, thumbnails, and easy access across devices.

Darkdrive is a single PHP application that runs on shared hosting with minimal setup. It encrypts filenames and directory names alongside file contents, and uses split-key server-side crypto.

Happy to answer questions about the threat model or implementation.