Hey everyone,
For one of my roles, I've been receiving a couple of documents from people via email. It's non-sensitive data so email is fine, but I'd like to make a small portal where people can upload the files and only when they submit all the files required do I get a notification that the request is complete.
Regardless of content, I'd like to store documents securely. It's also got me thinking about encryption in general for my other needs. Initially I looked at AES encryption in MySQL, but the general consensus is this does no good as the key is readily available in the server. So this got me thinking about public/private key encryption.
Here's the plan I'm researching to see if it would work or if it's already been done and I just can't find the standard implementation:
- I generate a public/private key pair. Public key goes to the web server, private key stays with me at my computer.
- User uploads file via the webpage to my web server through an https site.
- Upload script takes the file, encrypts it with the public key, and stores it in the file system or a database.
- Upon completion, I get notified and I connect to the server and download the files via SSH or other encrypted connection.
- Finally, I locally decrypt the files using the private key and process them as necessary.
Any flaws I'm missing in this scenario? Or if there are better ways to accomplish this, can anyone point me in the right direction? Thanks.
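
The plan above is hybrid (envelope) encryption; as an added example, not part of the original post, this sketches it with the OpenSSL command line using CMS EnvelopedData. The function names, file names and the two directories standing in for the workstation and the web server are assumptions made for the demo.

```shell
#!/usr/bin/env bash
set -eu

# Workstation: create the key pair. $1 = private key out, $2 = public cert out.
make_keypair() {
  openssl req -x509 -newkey rsa:3072 -nodes -days 365 \
    -subj "/CN=upload-portal-demo" -keyout "$1" -out "$2" 2>/dev/null
  chmod 600 "$1"
}

# Web server (upload script): $1 = public cert, $2 = plaintext, $3 = ciphertext out.
# A random AES-256 key encrypts the file; RSA wraps only that key.
# Note: -aes256 is CBC mode, so this gives confidentiality, not integrity.
encrypt_upload() {
  openssl cms -encrypt -binary -aes256 -outform DER -in "$2" -out "$3" "$1" \
    && rm -f -- "$2"   # drop the plaintext only once encryption succeeded
}

# Workstation: $1 = private key, $2 = cert, $3 = ciphertext, $4 = plaintext out.
decrypt_download() {
  openssl cms -decrypt -binary -inform DER -in "$3" \
    -inkey "$1" -recip "$2" -out "$4"
}

demo() {
  local tmp
  tmp=$(mktemp -d)
  mkdir "$tmp/workstation" "$tmp/server"

  make_keypair "$tmp/workstation/portal.key" "$tmp/workstation/portal.crt"
  cp "$tmp/workstation/portal.crt" "$tmp/server/"   # only the public half is deployed

  # Constructed sample upload
  printf 'constructed sample document\n' > "$tmp/server/upload.tmp"
  encrypt_upload "$tmp/server/portal.crt" "$tmp/server/upload.tmp" \
    "$tmp/server/doc1.cms"

  cp "$tmp/server/doc1.cms" "$tmp/workstation/"     # stands in for the SSH download
  decrypt_download "$tmp/workstation/portal.key" "$tmp/workstation/portal.crt" \
    "$tmp/workstation/doc1.cms" "$tmp/workstation/doc1.txt"
  cat "$tmp/workstation/doc1.txt"
  rm -rf "$tmp"
}

demo
```

The server directory never holds the private key, so a copy of everything stored there cannot be decrypted without the workstation's key.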