Good Secure Transfer Protocol


2003-02-19 - Gestapo 0.5 released

Version 0.5 of Gestapo is released to the public, this release includes win32 binaries of QSTP. Get it from our SourceForge page here.


What is GSTP?

Good Secure Transfer Protocol is a binary file transfer protocol that focuses on security and anonymousity. It tries to do right, where FTP does wrong, especially when it comes to firewall and user/password security.


Why not FTP/HTTP or any other file transfer protocol?

Simply, they suck.

FTP: The guy who invented this protocol is probably dead, becouse this is how old this protocol and design is. FTP is not friendly with NAT and firewall, it is high latency (even listing directories needs to open a new connection) and NOT secure! (yes I know that ftp-ssl is availble, but HOW many uses that REALLY?).
Not to mention the numerous exploits found in the ftp server implementations. Not all of these are FTP's fault, but some of them are due to the horribly inconsistent and vague FTP protocol.

HTTP: HTTP is NOT a file transfer protocol, you can't really upload files in a nice way, and it is not designed for listing catalogs or login and more. It is really no use to compare GSTP with HTTP. Plus the guys that developed HTTP/1.1 has a very little feeling for SMALL protocol, a more bloated RFC you really have to look for.

SCP / SFTP: The openssh / ssh implementation allows secure transfers, but come on, this is not meant for file transfers either.


Read our "rfc" gstp.txt. If you want to develop your own implementation of GSTP, you've got the whole protocol documented in the above specification. It's easy to learn yet has all the features you need in a file transfer protocol. There is also a reference implementation called Gestapo, and a QT GUI client called QSTP that you can look at.

The Gestapo distribution has a library that makes creation of your own implementation even more easy.


Download our releases at our sourceforge page,

For you who is running Debian GNU/Linux (unstable) you can add this to your sources.list:
deb unstable main.


For more bleeding egde you can use bitkeeper to access our development version, do
bk clone bk:// gstp


Main programmers are Tobias Rundström and Alexander Haväng.