tags:

views:

31

answers:

2
+1  Q: 

Extend file upload class to use encryption

Is there an easy/straightforward way to extend the file upload class to encrypt files that are being uploaded? Not just encrypting the filename, but rather the data in the file itself.

I'm using mcrypt for db encryption, and would prefer to use the same for file encryption.

Looking through the Upload.php library, I don't see an obvious place where the uploaded file is read which is where I assume I'd shim in the encryption.

Any help/advice would be appreciated.

edit:

What I'm thinking is that somewhere in do_upload() (I'm thinking file_temp) the file gets encrypted before being moved (not copied!) into its final destination. However, I don't see anywhere in Upload.php where the code is working with any of the files' data outside of filename, size, type, etc. Does this approach make sense?

A: 

Rather than encrypting just the upload, use HTTPS/SSL to encrypt the entire connection between the client and server.

mcandre  2010-06-03 15:29:36
The connection *is* encrypted already. I need the files to be encrypted when they live on the server. A trucrypt solution does not work in this case, though. Thanks!
stormdrain  2010-06-03 15:47:39
Ah, the connection is already encrypted. Then upload the file normally and encrypt it on the server using mcrypt.
mcandre  2010-06-03 15:53:30
This is probably what i would have suggested.
DRL  2010-06-03 16:23:53
@mcandre: this is precisely what I'm trying to do; what I need help with is *how* to do it within the codeigniter framework (preferably using/modifying the upload class). Thanks again for the responses.
stormdrain  2010-06-03 16:48:09
A: 

I decided to forgo modifying the upload class. What I did was after the file was uploaded, open the file, encrypt it, and write it out again.

$f=file_get_contents(BASE_PATH.$fileFullPath) or die ('<script>window.parent.transUpdateFail(\'no gfc'.$fileFullPath.'\');</script>');
$encf=$this->encrypt->encode($f,$this->e_key) or die ('<script>window.parent.transUpdateFail(\'no encrypt\');</script>');
$nf=fopen(BASE_PATH.$fileFullPath,"r+") or die ('<script>window.parent.transUpdateFail(\'no open '.$fileFullPath.'\');</script>');
$fw=fwrite($nf,$encf) or die ('<script>window.parent.transUpdateFail(\'no fwrite\');</script>');
fclose($nf);
stormdrain  2010-06-03 17:47:58

related questions

How to implement password protection for individual files?
Encrypting appSettings in web.config
Usefulness of SQL Server "with encryption" statement
How can I use a key blob generated from Win32 CryptoAPI in my .NET application?
CodeReview: Tiny Encryption Algorithm for arbitrary sized data
Simple encryption implementation in C
Which hard disk encryption software to choose?
Passing untampered data from Flash app to server?
How do I prevent replay attacks?
Is there a best .NET algorithm for credit card encryption?
Encrypt data from users in web applications
How to encrypt one message for multiple recipients?
Two-way password encryption without ssl
What's the answer to this Microsoft PDC challenge?
GPG: How does key signing work and how is it done?
Secure Online Highscore Lists for Non-Web Games
Programmatically encrypting a config-file in .NET
How do I use 3des encryption/decryption in Java?
Encryption in C# Web-Services
Suitable alternative to CryptEncrypt
Can a proxy server cache SSL GETs? If not, would response body encryption suffice?
C# - CryptographicException: Padding is invalid and cannot be removed
How can I encode xml files to xfdl (base64-gzip)?
How do I add SSL to a .net application that uses httplistener - it will *not* be running on IIS
Encrypting Passwords