Data Transfer: Effortless and Secure with Magic-Wormhole

Transferring files between computers can still be surprisingly cumbersome in the modern digital age. Email attachments have size limits, cloud storage services require uploading and sharing links, and setting up secure connections like scp can be unnecessarily complex for a quick transfer. But what if there was a tool that made securely sending files as simple as speaking a few words? This is where magic-wormhole comes in, a fantastic command-line utility for Unix-like systems that does just that.

magic-wormhole lets you transfer files, directories, or even short text snippets from one computer to another, easily and securely. The “magic” lies in the “wormhole code”: a short phrase that is easy for humans to remember and that connects the two endpoints.

Imagine the following scenario: You have a Raspberry Pi at home and want to securely transfer a file to a server on the internet, without setting up complex port forwarding or exchanging SSH keys. This is exactly where magic-wormhole shines.

To install magic-wormhole on a Debian-based system, use this command:

apt install magic-wormhole

Here’s how it works in detail:

1. On the sending server: You use the wormhole send command followed by the path to the file or directory you want to share.

wormhole send obsidian-sync.tar

2. magic-wormhole contacts a public rendezvous server and generates a unique, single-use code, e.g., “42-suspicious-breakup”.

3. You share this code with the person (or yourself, if you operate the server) on the receiving machine – via chat, phone, or other means.

4. On the receiving machine (your server on the internet): The person enters the wormhole receive command followed by the code they received.

wormhole receive 42-suspicious-breakup

5. Once the codes match, magic-wormhole establishes an end-to-end encrypted connection. This uses a cryptographic method called PAKE (Password-Authenticated Key Exchange), specifically SPAKE2. PAKE lets the two sides agree on a strong session key starting from the short, low-complexity wormhole code. The code itself is not the encryption secret, and the servers never learn that secret.

6. The data transfer begins directly between the two computers, if possible. If a direct peer-to-peer connection cannot be established (often the case with computers behind NAT, like your Raspberry Pi at home), a transit relay server forwards the encrypted data. The important point is that the transit server cannot decrypt the data, because the encryption is end-to-end between your source server and the destination server.
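
Step 5 in miniature, as an added example (not magic-wormhole's own code): a toy SPAKE2 run in Python showing that matching codes give both sides the same fresh session key, while a single wrong guess gives an unrelated one. The group (integers modulo 2**255 - 19), the constants M and N, and the names Side and exchange are assumptions of this sketch, chosen for readability rather than strength.

```python
import hashlib
import secrets

# Toy parameters (assumption of this example): integers modulo the prime
# 2**255 - 19 with base 2. Real SPAKE2 uses a vetted prime-order group.
P = 2**255 - 19
G = 2

def _h(*parts: bytes) -> bytes:
    """SHA-256 over length-prefixed parts so fields cannot run together."""
    h = hashlib.sha256()
    for part in parts:
        h.update(len(part).to_bytes(4, "big") + part)
    return h.digest()

def _num(data: bytes) -> int:
    return int.from_bytes(data, "big")

# Public blinding constants, derived by hashing so nobody chose their logs.
M = _num(_h(b"toy-spake2 M")) % P
N = _num(_h(b"toy-spake2 N")) % P

class Side:
    """One endpoint; role "A" is the sender, "B" the receiver."""
    def __init__(self, role: str, code: str):
        self.role = role
        self.w = _num(_h(b"code", code.encode())) % (P - 1)  # code -> exponent
        self.x = secrets.randbelow(P - 2) + 1                # fresh per-session secret
        blind = M if role == "A" else N
        # The only value that crosses the network: g^x hidden under blind^w.
        self.msg = pow(G, self.x, P) * pow(blind, self.w, P) % P

    def finish(self, peer_msg: int) -> bytes:
        peer_blind = N if self.role == "A" else M
        # Strip the peer's blinding using our own idea of the code.
        unblinded = peer_msg * pow(pow(peer_blind, self.w, P), -1, P) % P
        shared = pow(unblinded, self.x, P)  # g^(x*y) only if both codes agree
        a_msg, b_msg = (self.msg, peer_msg) if self.role == "A" else (peer_msg, self.msg)
        return _h(*(str(v).encode() for v in (self.w, a_msg, b_msg, shared)))

def exchange(sender_code: str, receiver_code: str):
    """Run one handshake; return both keys and what an observer saw."""
    a, b = Side("A", sender_code), Side("B", receiver_code)
    return a.finish(b.msg), b.finish(a.msg), (a.msg, b.msg)

if __name__ == "__main__":
    for rx in ("42-suspicious-breakup", "42-suspicious-breakdown"):
        ka, kb, _ = exchange("42-suspicious-breakup", rx)
        print(rx, "-> keys match:", ka == kb)
```

The relay only ever sees the two blinded values returned as the third element of exchange; neither the code nor the session key appears on the wire.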

The big advantage of magic-wormhole in this scenario is that you don’t have to worry about your home network configuration. The machine at home doesn’t need to be reachable from the internet or have special ports opened. magic-wormhole elegantly overcomes NAT limitations. At the same time, you don’t need to set up a new user account or install SSH keys on the target server.

Whether you want to push a large file from your home server to a cloud server, transfer configuration files quickly and securely, or simply exchange data between two computers where a direct connection is difficult, magic-wormhole offers a refreshingly simple and secure solution. It is an impressive demonstration that even in a connected world, there is still magic to be found on the command line.

Give magic-wormhole a try the next time you need to send something from one computer to another. It might just quickly become your preferred file transfer tool.