alexrintt
@alexrintt Android/Flutter.
How to use GitBox to upload and share files privately through public Git repositories

GitBox is a very basic file manager built on top of the GitHub API (at first) that implements end-to-end encryption (E2EE). It lets you upload files to your public repositories and generate download links for them. You may ask what the point is if the files will be publicly available, but that's the catch: uploaded files remain private because the service encrypts them end to end, so only you and those you give the link to will be able to read them. Everything is done directly from the website (in your browser). Here are some insights:

  • You upload files to your public repositories and generate download links.
  • The file is encrypted on your machine, in your browser, before it is uploaded.
  • When someone tries to download your file directly from the repository without your permission, they will only see an encrypted file.
  • To download your file, they need your link because it contains the file decryption key.
  • Generated links are never sent anywhere; they remain in your browser's local storage. The only way for someone to get one is to receive it from you.

0. Have a GitHub account

The first step is to have a GitHub account.

1. Create a fresh repository

After logging in, go to https://github.com/new and create a new repository.

It's important to create a public repository. Public repositories make your files available to the internet, which usually means anyone can access them. This is where GitBox comes into play: it encrypts each file before sending it to GitHub, so even though the file is available to everyone, only those who have the key (your link) can read its contents.

2. Generate a fine-grained token

Go to https://github.com/settings/apps and generate a fine-grained token for the repository you created in the previous step.

If you want details on how to do it, follow the steps of this tutorial: Creating a fine-grained GitHub access token that has permission only over a specific single repository.

3. Open GitBox website

At first you'll be prompted to provide your repository URL and your access token.

Provide the URL of the repository you created in step 1 and the fine-grained token you created in step 2, then click "Save settings". This grants GitBox permission to upload files to your repository.

4. Upload files

That's it. Now you can click the "Upload files" button and select the files you want to share privately. The interface will show a list of all your uploaded files; to copy a link, just click the file you want to share.

Security

The links are your keys: if they leak, your files leak too. Share them only with people you trust.

All files and links are stored in your browser, 100% offline. This means no one can "hack" them through an external server, because there is none. But it also means that if your device is compromised, all your files and keys are compromised too. This applies when your operating system is compromised (spyware, keylogger, backdoor, etc.) and also when your browser is compromised (e.g. malicious extensions and client-side scripts).

The underlying package used in this website is the libsodium library; the crypto implementation is available there.
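The flow described above (encrypt in the browser, upload only ciphertext, carry the key in the link), as an added example that is not GitBox's own code. It uses the built-in WebCrypto AES-256-GCM in place of libsodium so it runs without dependencies; the `#k=` link layout, the function names and the `example.invalid` URL are assumptions made for illustration.

```javascript
// Added example, not GitBox code. WebCrypto AES-256-GCM stands in for libsodium.
const wc = globalThis.crypto ?? require("node:crypto").webcrypto; // fallback: older Node

const toB64u = (u8) => btoa(String.fromCharCode(...u8))
  .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
const fromB64u = (s) => Uint8Array.from(
  atob(s.replace(/-/g, "+").replace(/_/g, "/")), (c) => c.charCodeAt(0));

// Sender: encrypt locally, return the bytes to upload and the secret link.
async function encryptForUpload(plainBytes, repoFileUrl) {
  const key = await wc.subtle.generateKey(
    { name: "AES-GCM", length: 256 }, true, ["encrypt", "decrypt"]); // fresh key per file
  const iv = wc.getRandomValues(new Uint8Array(12));                 // fresh nonce per file
  const ct = new Uint8Array(await wc.subtle.encrypt({ name: "AES-GCM", iv }, key, plainBytes));
  const blob = new Uint8Array(iv.length + ct.length); // uploaded object: nonce || ciphertext+tag
  blob.set(iv);
  blob.set(ct, iv.length);
  const rawKey = new Uint8Array(await wc.subtle.exportKey("raw", key));
  // Assumed layout: key in the URL fragment, which browsers do not send in HTTP requests.
  return { blob, link: `${repoFileUrl}#k=${toB64u(rawKey)}` };
}

// Receiver: the download step is replaced by passing the repository blob in directly.
async function decryptFromLink(link, blob) {
  const m = /^#k=([A-Za-z0-9_-]{43})$/.exec(new URL(link).hash);
  if (!m) throw new Error("link carries no 256-bit key");
  const key = await wc.subtle.importKey("raw", fromB64u(m[1]), "AES-GCM", false, ["decrypt"]);
  // decrypt() rejects if the key is wrong or the blob was modified in the repository.
  const pt = await wc.subtle.decrypt(
    { name: "AES-GCM", iv: blob.slice(0, 12) }, key, blob.slice(12));
  return new Uint8Array(pt);
}

// Constructed demo input; example.invalid is a placeholder, not a real repository.
encryptForUpload(new TextEncoder().encode("hello"), "https://example.invalid/o/r/file.bin")
  .then(async ({ blob, link }) =>
    console.log(link, "->", new TextDecoder().decode(await decryptFromLink(link, blob))));
```

Anyone who has only the repository blob, a link to a different file, or a blob that was altered after upload gets a rejected promise instead of plaintext.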

Disclaimer

I've never used GitHub as storage before, so please do not abuse this API. Keep it as a simple helper website that you use sometimes when you want to share something, so avoid sharing 4K videos and other kinds of heavy files (the website is probably going to crash anyways, it wasn't built to do so).
