
Drop Zone Overview

Drop Zone is the encrypted cloud storage system built into HomeDock OS. It is designed with per-user encryption and authenticated cryptography, ensuring each user can only decrypt their own files, and that files are tightly bound to their rightful owner.

Since version 1.0.18.108, Drop Zone uses AES-256 in GCM mode (authenticated encryption) and PBKDF2-HMAC-SHA256 with 1.2 million iterations, unique salts, and associated data. Files encrypted with the old CBC-based system are automatically migrated to the new format when accessed.

Version 2.0.3.106 introduced a complete redesign with folder support, allowing you to organize encrypted files in custom folder structures with hierarchical navigation.

In short, Drop Zone is now 10–50× more secure, faster, and more organized.

Drop Zone is effortless to use. Just drag, drop, and relax: your files are encrypted and stored securely. No complex setup. HomeDock OS handles everything behind the scenes.

The Drop Zone redesign introduced comprehensive folder support:

Hierarchical Structure

  • Create custom folder structures to organize your encrypted files
  • Nested folder support with unlimited depth
  • Breadcrumb navigation for easy path tracking
  • Folder-aware file operations

Drag-and-Drop Upload

  • Upload entire folders maintaining directory hierarchy
  • Fullscreen drag-and-drop overlay with visual feedback
  • Automatic filtering of hidden files (.*) during folder uploads
  • Files automatically placed in target folders

Folder Management

  • Create new folders with validation and permission checks
  • Rename and organize folders
  • Delete folders with recursive removal of contents
  • Recursive size calculation showing accurate folder sizes

View Modes

  • Grid View: Desktop-like layout with positioned icons
  • List View: Grouped folder sections for easy browsing
  • Persistent view mode preference saved in localStorage
  • Smooth transitions between view modes

Hierarchical Navigation

  • Browse through folders seamlessly
  • Breadcrumb path navigation showing current location
  • Quick navigation to parent folders
  • Folder expansion and collapse

Global Search

  • Folder-aware search with recursive folder scanning
  • Results grouped by parent directories
  • Shows full path context for files
  • Filters hidden files automatically

Context Menu

  • Right-click actions for files and folders
  • Folder-specific operations (open, delete, properties)
  • File operations (download, delete, info)
  • Touch-friendly long-press support on mobile

Enhanced Metadata

  • Folder sizes calculated recursively
  • Relative timestamps (“5m ago”, “1h ago”, “Now”)
  • “NEW” indicators for recent uploads (within last hour)
  • Compact size badges
  • Visual file type indicators with dynamic icons

Multi-Selection

  • Select multiple files/folders for batch operations
  • Ctrl+Click for individual selection
  • Drag-to-select area selection
  • Batch download and delete support

Smart Sorting

  • Sort by name, size, or date
  • Ascending/descending toggle
  • Sort order preserved across view changes
  • Folders typically displayed before files

Example:

Original Content (My_Super_Secret_Story.txt):

He opened his eyes, remembered to breathe, and forgot forever.

Encrypted Content:

����b�Y7�=��'\�o�!�� l� H�Q��HvSH#�=PN`i���G�\�*&�� ��33Y�� �.��!��3��6�˝/z�aw��
  • Authenticated Encryption: Now uses AES-256-GCM (instead of CBC), which ensures both confidentiality and integrity. Tampering with encrypted files results in immediate decryption failure.
  • Per-User Derived Keys: Each user has a unique random key and a 32-byte salt entry, bound to the username, in homedock_dropzone.conf. Encryption keys are derived using PBKDF2-HMAC-SHA256 with 1.2 million iterations, ensuring files cannot be decrypted even if users swap their keys.
  • Associated Data Binding: The username is embedded into the AES-GCM encryption as associated data. This is separate from its use in the salt and ensures that even if the key is correct, decryption fails if the user doesn’t match.
  • Legacy Compatibility: Files encrypted with the legacy AES-CBC system are automatically detected and migrated to the new GCM format on access, with no user intervention required.
  • Performance via Caching: Derived keys are cached in-memory per user, avoiding expensive re-derivation on every upload or download. This makes the system faster despite strong cryptographic parameters.
  • Secure-by-Default Behavior: Files are always stored encrypted at rest and decrypted only in memory, and all encryption/decryption is tied to the authenticated user.
  • Folder Encryption: Folder paths are also encrypted, maintaining security across entire directory structures (version 2.0.3.106+).

Touch Optimization

  • Long-press detection for mobile context menus
  • Touch-friendly selection mechanisms
  • Mobile-optimized context menus for tablets and phones
  • Responsive touch interactions

Download Progress

  • Visual progress bars overlaid on files during downloads
  • Real-time transfer status display
  • Percentage indicators for large file downloads

Empty State Handling

  • Contextual messages when no files exist
  • Helpful user guidance for first-time users
  • Search-specific empty states

Grid View Positioning

  • Automatic layout calculation
  • Optimal icon placement
  • Responsive grid adjustments for different screen sizes

Error Handling

  • Detailed error messages for failed operations
  • Security violation detection
  • User-friendly feedback for all operations

Status Bubble System

  • Uses Vue Teleport for proper notification rendering
  • Renders outside component hierarchy
  • Fixes z-index stacking issues
  • Better visual feedback for operations

Path Security

  • Path validation preventing directory traversal attacks
  • Symlink detection for security
  • Safe path validation on all file operations
  • Protection against malicious path manipulation

| Feature | Legacy (dz_key) | Current (dzkey_v2) |
|---|---|---|
| Algorithm | AES-256-CBC | AES-256-GCM |
| Iterations | 100K | 1.2M |
| Authenticated Encryption | | |
| Unique Salt per User | | ✅ (32 bytes) |
| Associated Data Binding | | ✅ (username) |
| Per-User Key Derivation | | |
| Key Derivation Input | username | username + salt |
| In-Memory Key Caching | | |
| Decryption Tied to Username | ⚠️ (indirect) | ✅ (strict binding) |

Summary:

dzkey_v2 dramatically strengthens security with authenticated encryption, personalized salt + key derivation, and seamless legacy migration, all while improving performance and backward compatibility.

Since version 1.0.18.108, Drop Zone uses:

  • AES-256-GCM (Authenticated Encryption)
  • PBKDF2-HMAC-SHA256 (1,200,000 iterations)
  • Salt: Random 32-byte value per user, stored in homedock_dropzone.conf
  • Associated Data: Username (lowercased) included as an integrity check
  • Key Caching: Derived keys are cached in memory for performance
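
```python
import os

from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.ciphers.aead import AESGCM
from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMAC

# Inputs: username (str), salt and base_key (bytes), plaintext (bytes)

# Derive the final encryption key
kdf = PBKDF2HMAC(
    algorithm=hashes.SHA256(),
    length=32,
    salt=username.lower().encode() + salt,
    iterations=1_200_000,
    backend=default_backend(),
)
derived_key = kdf.derive(base_key)

# Encrypt with AES-GCM and associated data
aesgcm = AESGCM(derived_key)
nonce = os.urandom(12)
associated_data = username.lower().encode()
encrypted_data = aesgcm.encrypt(nonce, plaintext, associated_data)
```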

The result is: nonce + encrypted_data. The authentication tag is embedded automatically.

This ensures:

  • Even if someone copies another user’s config, decryption will fail.
  • The file is cryptographically bound to the original user via both salt and associated_data.
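
The binding described above, as an added example (not HomeDock OS code): it reuses the page's PBKDF2 and AES-GCM parameters and shows which check rejects a copied config entry, a mismatched username, and a modified file. The function names and the random sample salt and base key are assumptions made for illustration.

```python
import os
from functools import lru_cache

from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.ciphers.aead import AESGCM
from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMAC

NONCE_LEN = 12  # the nonce is stored in front of ciphertext + tag

@lru_cache(maxsize=None)  # in-memory key cache: PBKDF2 runs once per user
def _derive(user_lc: str, salt: bytes, base_key: bytes) -> bytes:
    kdf = PBKDF2HMAC(algorithm=hashes.SHA256(), length=32,
                     salt=user_lc.encode() + salt, iterations=1_200_000)
    return kdf.derive(base_key)

def derive_key(username: str, salt: bytes, base_key: bytes) -> bytes:
    return _derive(username.lower(), salt, base_key)

def seal(key: bytes, username: str, plaintext: bytes) -> bytes:
    nonce = os.urandom(NONCE_LEN)
    return nonce + AESGCM(key).encrypt(nonce, plaintext, username.lower().encode())

def open_blob(key: bytes, username: str, blob: bytes):
    """Return the plaintext, or None when the GCM tag check fails."""
    try:
        return AESGCM(key).decrypt(blob[:NONCE_LEN], blob[NONCE_LEN:],
                                   username.lower().encode())
    except InvalidTag:
        return None

def demo() -> dict:
    salt, base_key = os.urandom(32), os.urandom(32)  # constructed sample entry
    alice_key = derive_key("Alice", salt, base_key)
    bob_key = derive_key("bob", salt, base_key)  # bob reuses alice's salt and base key
    blob = seal(alice_key, "alice", b"He opened his eyes")
    flipped = blob[:-1] + bytes([blob[-1] ^ 1])  # one bit changed in the tag
    return {
        "owner": open_blob(alice_key, "ALICE", blob),  # username is lowercased
        "copied_config": open_blob(bob_key, "bob", blob),  # salt binding: wrong key
        "right_key_wrong_aad": open_blob(alice_key, "bob", blob),  # AAD binding
        "tampered": open_blob(alice_key, "alice", flipped),  # integrity check
    }

if __name__ == "__main__":
    print(demo())
```

Only the `owner` case returns the plaintext; the other three return `None` because the GCM tag does not verify.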

The legacy system used:

  • AES-256-CBC
  • Key derived from a global base key + username
  • No integrity/authentication (encrypted files could be tampered with undetected)
  • Migration path: All files using this format are detected and re-encrypted into dzkey_v2 on first access.
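
```python
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMAC

# Inputs: username (str), base_key (bytes), iv (16-byte CBC initialization vector)

# Legacy derivation
kdf = PBKDF2HMAC(
    algorithm=hashes.SHA256(),
    length=32,
    salt=username.encode("utf-8"),
    iterations=100000,
    backend=default_backend(),
)
key = kdf.derive(base_key)

# Legacy encryption
cipher = Cipher(algorithms.AES(key), modes.CBC(iv), backend=default_backend())
```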

```
dzkey_v2:user:qWERTYsaltBASE64==:zxcvbkeybase64==
dzkey_v2:alice:Dk382Slkcs82Lwl2pQ==:zme827xD72Lsla92V==
```

Only the base and salt are stored. The final encryption key is derived at runtime.

Drop Zone now offers security guarantees comparable to enterprise-grade encrypted storage systems. All encryption is:

  • End-to-end: Files are never stored in plaintext.
  • Per-user: Nobody can access your data but you.
  • Fast: Thanks to in-memory caching, even with strong encryption.

For more technical details or updates, check the latest code on GitHub.