Hey everyone,

For one of my roles, I've been receiving a couple of documents from people via email. It's non-sensitive data so email is fine, but I'd like to make a small portal where people can upload the files and only when they submit all the files required do I get a notification that the request is complete.

Regardless of content, I'd like to store documents securely. It's also got me thinking about encryption in general for my other needs. Initially I looked at AES encryption in MySQL but the general consensus is this does no good as the key is readily available in the server. So this got me to thinking about public/private key encryption.

Here's the plan I'm researching to see if it would work or if it's already been done and I just can't find the standard implementation:

  1. I generate a public/private key pair. Public key goes to the web server, private key stays with me at my computer.
  2. User uploads file via the webpage to my web server through an https site.
  3. Upload script takes the file, encrypts it with the public key, and stores it in the file system or a database.
  4. Upon completion, I get notified and I connect to the server and download the files via SSH or other encrypted connection.
  5. Finally, I locally decrypt the files using the private key and process them as necessary.

Any flaws I'm missing in this scenario? Or if there's better ways to accomplish this, can anyone point me in the right direction? Thanks.
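A working sketch of steps 1, 3 and 5 of the plan, added here as an example in Go; it is not code from the original post. It assumes hybrid encryption (a fresh per-file AES-256-GCM key wrapped with the operator's RSA-OAEP public key), because RSA alone cannot encrypt a file-sized message, and the function names NewOperatorKey, SealUpload and OpenDownload are chosen for this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
)

func NewOperatorKey() (*rsa.PrivateKey, error) { // step 1: generated offline; only PublicKey goes to the server
	return rsa.GenerateKey(rand.Reader, 2048)
}

func newGCM(key []byte, err error) (cipher.AEAD, error) { // AES-256-GCM for the file body; forwards err from the key source
	if err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

func SealUpload(pub *rsa.PublicKey, plaintext []byte) ([]byte, error) { // step 3: the upload script, public key only
	rnd := make([]byte, 32+12) // fresh 32-byte file key followed by a 12-byte GCM nonce
	_, err := rand.Read(rnd)
	gcm, err := newGCM(rnd[:32], err)
	if err != nil {
		return nil, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, rnd[:32], nil) // only the private key can unwrap this
	if err != nil {
		return nil, err
	}
	return gcm.Seal(append(wrapped, rnd[32:]...), rnd[32:], plaintext, nil), nil // [wrapped key][nonce][ciphertext+tag]
}

func OpenDownload(priv *rsa.PrivateKey, env []byte) ([]byte, error) { // step 5: run locally with the private key
	n := priv.Size() // the wrapped key is exactly one RSA modulus long
	if len(env) < n+12 {
		return nil, rsa.ErrDecryption
	}
	gcm, err := newGCM(rsa.DecryptOAEP(sha256.New(), nil, priv, env[:n], nil))
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, env[n:n+12], env[n+12:], nil) // fails on any modification or wrong key
}
```

The GCM tag means a file modified or truncated on the server is rejected at step 5 rather than silently decrypting to garbage.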

A: 

Your plan basically says that you trust the server, but not the filesystem. This is used in cases where you are using a shared service or 3rd party backup, or want to enforce a data destruction policy via periodic destruction of the encryption key.

It's really the best you can do if you don't want to burden your users with encrypting the file before uploading.

The only trick is setting up the web server so that it keeps uploaded files strictly in memory until you encrypt them. PHP, for example, will by default write uploaded files to /tmp before even calling your script.

MadCoder