Lenzeye File Transfer¶
The fastest, most secure way to send large files — no account needed on the sender's side.
Lenzeye File Transfer is the flagship feature of Lenzeye Technologies. It allows anyone — a client, a vendor, a collaborator — to upload files directly into a registered user's secure storage without needing to create an account or install any software. The receiver (registered user) controls everything: storage limits, encryption, and access.
What Problem Does It Solve?¶
Traditional file transfer in India is fragmented:
- WhatsApp compresses photos and videos, destroying quality.
- Google Drive / WeTransfer require both sender and receiver to have accounts.
- Email attachments are capped at 25 MB.
- Physical drives / pen drives are error-prone and not scalable.
Lenzeye File Transfer eliminates all of these problems. A photographer's client can send 2,000+ RAW files in a single session — no account, no app, no compression — directly into the photographer's encrypted cloud storage.
How It Works — User Perspective¶
flowchart TD
A[Receiver shares upload link] --> B[Sender opens link in browser]
B --> C[Sender enters email
accepts guidelines]
C --> D{Encryption enabled?}
D -- Yes --> E[Files encrypted
then uploaded]
D -- No --> F[Files uploaded
directly to cloud]
E --> G[Download link generated]
F --> G
G --> H[Sender gets token + OTP]
- The receiver (registered Lenzeye user) shares their upload page link.
- The sender opens the link, enters their email, and reviews the upload guidelines — no account creation required.
- The sender selects files (any type, any size within storage limits).
- Files are uploaded in secure chunks directly to the receiver's cloud storage.
- A shareable download link with a one-time OTP is generated automatically.
- The receiver can access, download, or manage files from their Lenzeye dashboard.
Key Capabilities¶
| Capability | Detail |
|---|---|
| No sender account required | Sender only needs an email address |
| Large file support | Tested with 2,600+ files in a single session (6h 56min sustained) |
| Any file type | RAW photos, videos, PDFs, ZIPs — no restrictions |
| Chunked transfer | Files split into 10 MB parts — resumable, reliable |
| Server-side encryption | AES-256-CTR encryption per file if receiver has it enabled |
| Unique folder naming | Duplicate folder names auto-versioned (_v1, _v2, etc.) |
| Storage awareness | Checks available storage before upload begins |
| OTP-protected download link | Every upload generates a secure, shareable link |
| Live storage stats | Sender sees real-time Wasabi storage usage on the upload page |
Upload Flow — Technical Overview¶
Phase 1 — Pre-Upload Checks¶
Before a single byte is transferred, Lenzeye performs three checks:
- Guidelines check — Has the sender reviewed and accepted the current upload guidelines? The guidelines are hashed (SHA-256) and the accepted version stored per user — if guidelines are updated, re-acceptance is required.
- Storage check — Does the receiver have enough available storage for the selected files? The check is done in GB and blocks upload if insufficient space exists.
- Folder name check — If a folder with the same name already exists in the receiver's storage, Lenzeye automatically assigns a unique name (
folder_v1,folder_v2, etc.) to prevent collisions.
Phase 2 — Multipart Upload¶
Lenzeye uses S3 Multipart Upload (via Wasabi S3-compatible API):
- Each file is split into 10 MB chunks (parts).
- Each part is uploaded independently via a presigned URL — a time-limited, cryptographically signed URL that allows the browser to upload directly to cloud storage.
- Parts are assembled on the cloud side — the Lenzeye server never buffers the full file in memory.
- If a part fails, only that part is retried — not the entire file.
Phase 3 — Encryption (When Enabled)¶
If the receiver has server-side encryption enabled, the upload path changes:
flowchart LR
A[Browser sends
raw chunk] --> B[Lenzeye Server]
B --> C[AES-256-CTR
encrypt chunk]
C --> D[Upload encrypted
chunk to Wasabi S3]
D --> E[HMAC accumulated
per chunk]
E --> F[HMAC stored in
S3 metadata]
- Each chunk is encrypted on the server before reaching cloud storage.
- The encryption uses AES-256-CTR mode — a seekable stream cipher that allows each chunk to be encrypted at its correct byte offset independently.
- An HMAC-SHA256 integrity tag is accumulated chunk-by-chunk during upload and stored in S3 metadata on completion — no re-download needed to compute it.
- The server processes at most 4 concurrent encrypt+upload operations at any time, keeping peak memory usage bounded (≈80 MB for encryption buffers).
Phase 4 — Link Generation¶
After all files are uploaded:
- A GuestDownloadLink record is created in the database with a unique cryptographic token.
- A one-time OTP is generated and bound to the link.
- The shareable URL format:
/guest/transfer-manager?token=<token>&otp=<otp> - The sender receives this link immediately after upload completes.
Storage Layout on Cloud¶
Every file uploaded via Lenzeye File Transfer is stored at:
<receiver_email>/<folder_name>/<filename>
Example:
studio@example.com/Wedding_Album_v1/DSC_0001.RAW
studio@example.com/Wedding_Album_v1/DSC_0002.RAW
This keeps each receiver's files completely isolated by email namespace.
Encryption Details¶
| Property | Value |
|---|---|
| Algorithm | AES-256-CTR (Counter Mode) |
| Key size | 256-bit (32 bytes) per user |
| IV size | 128-bit (16 bytes), randomly generated per file |
| Integrity | HMAC-SHA256 (Encrypt-then-MAC) |
| Key wrapping | Per-user key encrypted with AES-256-GCM master key |
| Storage format | [16B IV][ciphertext] + HMAC in S3 metadata |
| Key derivation | Master key loaded from environment variable, never stored in code |
Why AES-256-CTR?¶
CTR mode converts AES (a block cipher) into a stream cipher. This makes it seekable — any byte position in the encrypted stream can be computed independently without decrypting from the beginning. This property is essential for multipart uploads: each 10 MB chunk can be encrypted at its correct byte offset without knowing the previous chunk's state.
Performance & Reliability¶
- Validated: 2,630+ files transferred in a single session over 6 hours 56 minutes with zero crashes or data loss.
- RAM efficiency: Peak server RAM usage during sustained large uploads stayed within 243–398 MB on a 512 MB server.
- Concurrency: Up to 4 simultaneous encrypt+upload streams per server instance, queuing additional requests without rejection.
- Resumability: Multipart upload sessions can be validated and resumed — stale sessions are detected and aborted cleanly.
Security Properties¶
| Property | How Lenzeye Achieves It |
|---|---|
| Data confidentiality | AES-256-CTR encryption before data reaches cloud storage |
| Data integrity | HMAC-SHA256 verified on every download |
| Access control | OTP-protected download links, token-based session validation |
| Sender verification | Email + guidelines acceptance before any upload begins |
| Storage isolation | Each user's files stored under their own email namespace |
| No credential exposure | Presigned URLs expire — no permanent S3 credentials shared with browser |
| Tamper detection | HMAC verification raises InvalidSignature on any modification |
Comparison With Other Services¶
| Feature | Lenzeye File Transfer | WeTransfer | Google Drive | |
|---|---|---|---|---|
| No account for sender | ✅ | ✅ | ❌ | ❌ |
| End-to-end encryption | ✅ | ❌ | ❌ | ✅ (messaging only) |
| File size limit | Storage plan based | 2 GB (free) | 15 GB total | 2 GB |
| Quality preservation | ✅ No compression | ✅ | ✅ | ❌ Compressed |
| Stored in receiver's account | ✅ | ❌ | ❌ | ❌ |
| Indian data compliance focus | ✅ | ❌ | ❌ | ❌ |
| Bulk file transfer (1000+) | ✅ Validated | Limited | Limited | ❌ |
Current Status¶
Lenzeye File Transfer is live and validated in production. It has been tested with real users across sustained large-volume upload sessions. The feature is stable, production-ready, and forms the core of the Lenzeye platform.
Upcoming Improvements¶
- Email notification to receiver when a guest upload completes
- Upload progress tracking across browser refresh (session persistence)
- Android app support for guest uploads
- Configurable per-link expiry for download links