|laziness, impatience, and hubris|
Customer data encryptionby 0xbeef (Hermit)
|on Feb 25, 2007 at 11:35 UTC||Need Help??|
0xbeef has asked for the
wisdom of the Perl Monks concerning the following question:
Dear encryption monks
A colleague and myself have written a collector tool (in perl of course!) that collects o/s data on customer systems. Another tool performs an analysis of this data, potentially directly by the customer. The output could however be sent to us for in-depth analysis and audit purposes.
I have been researching a method to enable the customer to encrypt the output files before they are sent to us, but I am not experienced in encryption and scared I might miss something important.
The output files are 15-30MB uncompressed, or 1-5MB compressed. Initially I thought it would make sense to provide my public RSA key to the code (via config file), and use that to encrypt the data. From what I read only using an asymmetric cipher would be very slow, but I then started reading about hybrid encryption techniques - which for my purposes would work something like this:
1. Collector tool generates a random new encryption key.
Obviously, only the private RSA keyholder can unencrypt the output file, so by implication the automated analysis tool we provide cannot be used at the customer site once the output is encrypted. I now intend to provide a configurable option to allow a customer RSA key as well, so that the encryption can be used to switch to allow for local or remote analysis.
Also, do I need to encrypt and then compress, or compress and then encrypt?
Any monastry scrutiny would be appreciated!