
Re^2: Encrypt files on server and then decrypt when user downloads

by MPM (Novice)
on Oct 22, 2012 at 14:30 UTC

in reply to Re: Encrypt files on server and then decrypt when user downloads
in thread Encrypt files on server and then decrypt when user downloads

Thank you everyone for the input, but regardless of whether it makes complete sense to do, it's something a client wants done. Ideally, the file would be decrypted on the user's end, but that is not a possibility (potentially thousands of not so technical users). So GPG IS what I think I should use. I am looking for some guidance on how to actually accomplish it with Perl.

Re^3: Encrypt files on server and then decrypt when user downloads
by zentara (Archbishop) on Oct 22, 2012 at 16:31 UTC
    If "decrypt when the user downloads" means that the server just spits out a decrypted GPG pipe and sends plain text over the network to the client, that is fairly easy, but I wouldn't call it secure. Anyone can see all your files by sniffing the network.

    So you are stuck sending information thru GPG encrypted mail, because I don't think GPG has a browser plugin to decode web content. Another limited option would be making GPG encrypted files available for HTML download.

    You are asking for free easy help for a big time program. Google for Perl GPG HTML and Linux GPG webmail, and you should get some pretty good guidance by going thru the links. Personally, I really like the new JavaScript methods around now, as I mentioned in reference to Processing.js. That way, if you could write a .pde script for Processing, you could set up a fairly secure channel to the client, and run it in the DOM as a JavaScript application with a canvas id. My rationale is that I don't think you can encode web content with GPG, you can only send encrypted mails. So you will need a custom Processing script to do the decoding on the client end. Maybe not GPG, but you could make up your own decoder, within the limits of what JavaScript will allow. You could decode on the server, and feed the data stream to a custom canvas running under Processing.js, which could run a simpler faster algorithm like RC4, Blowfish, or Rijndael. You could just implement the old "Caesar's Cipher" for encryption... ;-)

    But it isn't Perl, so all I will do is leave it at that. From what I understand, someone is working on something similar for Perl, called Perlito, but I doubt it will ever eclipse the geniuses at M.I.T who produced Processing and Processing.js.

    I'm not really a human, but I play one on earth.
    Old Perl Programmer Haiku ................... flash japh

      I don't think it would be plain text, would it? The files that they are downloading are files like PDF and DOC, etc... Also, the clients would be using SSL (https). The code I included originally is a lot simpler than what is going on... There is already security in place to handle user authentication and authorization to files via a web interface. I'm looking for help with Perl code to encrypt the files (again, I'm thinking gpg). And then, when a user logs in and clicks a link to download the file, the file is decrypted and the user downloads the file. I don't want to just make a decrypted copy of the file upon request, serve it up to the user and then delete the file. I need to handle it smarter than that since multiple end users can be accessing the same file at the same time. Any more help would be greatly appreciated.

        If you are using https, then there is no problem. All you would need to do is set up a program to decrypt your files on the server, then send it out to the browser with https. You still would have to limit access with a login, where you could use GPG keys auth, or just a plain password authentication, but you say you have that covered.

        On the server, the first method to decrypt which comes to mind is a GPG pipe. See "GnuPG tie to gpg binary gives broken pipe error in CGI output", where he gives a working code example.

        I'm not really a human, but I play one on earth.
        Old Perl Programmer Haiku ................... flash japh
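
The GPG pipe approach described in the reply above, sketched as an added example that is not part of the original thread or the linked node. It assumes a CGI-style handler, hypothetical paths `/srv/secure-files` and `/srv/gpg-home`, files stored as `NAME.gpg`, and a server-side private key that gpg can use non-interactively; authentication and authorization are assumed to have happened already, as the poster describes.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Assumed locations (hypothetical): encrypted files and a keyring used only by this app.
my $STORE   = '/srv/secure-files';
my $GPGHOME = '/srv/gpg-home';

# Error response; only valid while no headers have been sent yet.
sub fail {
    my ($out) = @_;
    print {$out} "Status: 500 Internal Server Error\r\n",
                 "Content-Type: text/plain\r\n\r\nDownload failed.\n";
    return 0;
}

# Decrypt "$STORE/$name.gpg" through a pipe and copy the plaintext to $out.
# No plaintext copy touches the disk, and each request gets its own gpg process,
# so concurrent downloads of the same file do not interfere.
sub stream_decrypted {
    my ($name, $out) = @_;

    # Plain file names only: blocks path traversal and header injection.
    return fail($out) unless $name =~ /\A[A-Za-z0-9][A-Za-z0-9._-]*\z/;
    my $path = "$STORE/$name.gpg";
    return fail($out) unless -f $path;

    # List-form open runs gpg directly, with no shell to interpret $path.
    open(my $gpg, '-|', 'gpg', '--homedir', $GPGHOME, '--batch', '--quiet',
         '--no-tty', '--decrypt', '--', $path) or return fail($out);
    binmode $gpg;
    binmode $out;

    # Read one chunk before any header goes out, so a gpg failure (missing key,
    # corrupt file) yields an error page. Empty output counts as a failure.
    my $n = read($gpg, my $buf, 65536);
    if (!$n) { close $gpg; return fail($out); }

    print {$out} "Content-Type: application/octet-stream\r\n",
                 "Content-Disposition: attachment; filename=\"$name\"\r\n\r\n";
    while ($n) {
        print {$out} $buf or last;          # stop if the client went away
        $n = read($gpg, $buf, 65536);
    }
    # close() on a pipe waits for gpg and leaves its exit status in $?.
    my $ok = close($gpg) && $? == 0;
    warn "gpg failed for $name (status $?)\n" unless $ok;
    return $ok ? 1 : 0;
}

# The name would come from the already-authorized request; argv stands in here.
stream_decrypted(@ARGV ? $ARGV[0] : 'report.pdf', \*STDOUT);
```

A gpg failure after the first chunk cannot be turned into an error page, so the client receives a truncated file and the only record is the `warn` line in the server log.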
