Re^3: Encrypt files on server and then decrypt when user downloads

I'm looking to protect against the situation where someone gets on the server. I don't want them to be able to view the files directly on the machine or be able to copy them to another machine and then view them.

If you are going to decrypt them during download, and the bad guys have access to the server, they would only need to inspect your download script to see how to decrypt the files.

If they can copy the encrypted file, they can also copy the decryption script and perform the decryption on their own machine at their leisure.

The only way to protect the files on a compromised server would be for the users to download them encrypted and decrypt them locally using local software and keys known only to themselves. For example, if you encrypted the files for each user using their public key, and they decrypt them locally using their private key.

The downside of that is that you would have to encrypt files that may be downloaded by multiple users, multiple times, and keep multiple, unique copies of them.

With the rise and rise of 'Social' network sites: 'Computers are making people easier to use everyday'

Examine what is said, not who speaks -- Silence betokens consent -- Love the truth but pardon error.

"Science is about questioning the status quo. Questioning authority".

In the absence of evidence, opinion is indistinguishable from prejudice.

RIP Neil Armstrong

Comment on Re^3: Encrypt files on server and then decrypt when user downloads

Replies are listed 'Best First'.
Re^4: Encrypt files on server and then decrypt when user downloads by MPM (Novice) on Oct 19, 2012 at 19:57 UTC
I understand that it's not 100% secure, I'm just trying to add another layer, well it's not really me that wants to add it, but anyway.....also, just because they have access to the server and possibly the files, that wouldn't necessarily mean they have access to the script also. Thanks for the input though.	[reply]
Re^5: Encrypt files on server and then decrypt when user downloads by Illuminatus (Curate) on Oct 19, 2012 at 21:57 UTC
I echo BrowserUK's sentiment. Put another way "put your effort into protecting access to the files, not encrypting them". Using linux for an example, you can set the directory permission of the files to only allow read for the owner or group. The 'web-server SSL' user should be the owner. If a hacker can get access as the web-SSL user (or root), then you should be concentrating on improving access security, not download security. If this is a remote-FS issue, ie the web-server mounts the FS where these files reside, and security isn't as good on that file-server, fix the security there. fnord	[reply]
Re^5: Encrypt files on server and then decrypt when user downloads by BrowserUk (Patriarch) on Oct 19, 2012 at 20:03 UTC
also, just because they have access to the server and possibly the files, that wouldn't necessarily mean they have access to the script also. Ah well. If the script is secure, just put the files in the same place as the script and they'll be no need to encrypt them. With the rise and rise of 'Social' network sites: 'Computers are making people easier to use everyday' Examine what is said, not who speaks -- Silence betokens consent -- Love the truth but pardon error. "Science is about questioning the status quo. Questioning authority". In the absence of evidence, opinion is indistinguishable from prejudice. RIP Neil Armstrong	[reply]
Re^5: Encrypt files on server and then decrypt when user downloads by moritz (Cardinal) on Oct 20, 2012 at 06:23 UTC
I understand that it's not 100% secure, I'm just trying to add another layer But it's not another layer -- it's simply the pretense of another layer. Perl 6 - the future is here, just unevenly distributed	[reply]
Re^4: Encrypt files on server and then decrypt when user downloads by Anonymous Monk on Oct 20, 2012 at 08:46 UTC
If the files are encrypted with a user-supplied password/passphrase/public key, and decrypted by the server on download, it would give a fairly good balance between security and convenience. The attackers, if they get control of the server, could then only decrypt the files the users download by sniffing passphrases.	[reply]
Re^5: Encrypt files on server and then decrypt when user downloads by BrowserUk (Patriarch) on Oct 20, 2012 at 09:10 UTC
The attackers, if they get control of the server, could then only decrypt the files the users download by sniffing passphrases. If the bad guys get access to the server, tweaking the download script to forward the filenames and associated decryption key to some dead-drop would be trivial. Done with a little care, the server/site owner need never know the script had be tweaked unless they happened across the two or three lines of code that would need to be added to the source. Done with a little more care -- secreted into the source of a standard module called by the decryption script -- even that risk of discovery can be mitigated. Far better that the user's decryption key is never seen by the server. And actually relatively easy to arrange. If the site doesn't want to require the user to download the tool and do the decryption manually, then they only need write the decryption code in javascript. It then gets downloaded to the users machine automatically and it prompts for the user's key locally. It still requires the user to supply an encryption key prior to the file's creation; and to have a separately encrypted copy of a given file for each user that will download it. With the rise and rise of 'Social' network sites: 'Computers are making people easier to use everyday' Examine what is said, not who speaks -- Silence betokens consent -- Love the truth but pardon error. "Science is about questioning the status quo. Questioning authority". In the absence of evidence, opinion is indistinguishable from prejudice. RIP Neil Armstrong	[reply]


Perl Monk, Perl Meditation
	PerlMonks