On Fri, May 18, 2007 at 03:31:50PM -0400, stuart van Zee wrote:
> I have just been handed a new project and would like to
> know if anyone has any software suggestions that would
> fit the requirements or at least a point in the right
> direction.
>
> We need to have an https server running that users can
> upload un-encrypted files to and have those files encrypted
> on the fly and safely stored away until they are needed.
>
> This is to help us interface with brain-dead people that
> are unable to encrypt a file (or unable to remember to).
>
> Those same people will need to be able to download their
> files as they need them and have them decrypted for them
> and sent over https so that they can use their web browser
> to retrieve the files. The fact that these files aren't
> encrypted on the users system is not our problem, we just
> need to be absolutely sure that they aren't sitting on our
> system without being encrypted.
>
> Needless to say, I would like to run said https server on
> an OpenBSD box so that I can have a hope of sleeping at
> night.

I think the only way to do this in a slightly-less wrong way would
involve manually enabling access to the encrypted files; that is, at
start, the admin should key in the code for the vnd, start a daemon and
provide it a passphrase, or something similar. To that end, a FastCGI
external server in your favourite programming language should do; feel
free to require the users to log in (at HTTP level, for instance) and
use that to construct a key. If you want, you might add some calculation
to make cracking more difficult (mainly, running a hash algorithm a
couple of times before using the passphrase as the encryption key; bonus
points for using a salt. This won't make it harder to crack all files of
a single user in parallel, though - after all, they are all encrypted
using the same passphrase; feel free to XOR it with some additional
pieces of data to obfuscate it a little.).

		Joachim

--
PotD: x11/xcursorgen - X11 Cursors themes generator
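
The key construction suggested in the reply above, as an added example that is not part of the original post: it stretches the login passphrase with PBKDF2-HMAC-SHA256 and, in place of the XOR idea, gives every file its own random salt, so files of one user no longer share a key. The header layout, the `UPL1` tag, the iteration counts and all function names are assumptions; the returned key is meant for whatever cipher the server applies to the file body.

```python
import hashlib
import hmac
import secrets
import struct

MAGIC = b"UPL1"                    # constructed format tag (assumption)
ITERATIONS = 200_000               # assumed work factor; tune to the server's CPU
MAX_ITERATIONS = 5_000_000         # refuse absurd counts from a tampered header
HEADER = struct.Struct(">4sI16s")  # magic, iteration count, per-file salt
TAG_LEN = 32                       # HMAC-SHA256 passphrase-check tag


def derive_keys(passphrase, salt, iterations):
    """Stretch the passphrase, then split it into two independent keys."""
    master = hashlib.pbkdf2_hmac("sha256", passphrase.encode("utf-8"), salt, iterations)
    enc_key = hmac.new(master, b"file-encryption", hashlib.sha256).digest()
    check_key = hmac.new(master, b"passphrase-check", hashlib.sha256).digest()
    return enc_key, check_key


def new_file_header(passphrase):
    """On upload: return (header to store with the file, 32-byte file key)."""
    salt = secrets.token_bytes(16)  # fresh salt per file, so per-file keys differ
    enc_key, check_key = derive_keys(passphrase, salt, ITERATIONS)
    fixed = HEADER.pack(MAGIC, ITERATIONS, salt)
    tag = hmac.new(check_key, fixed, hashlib.sha256).digest()
    return fixed + tag, enc_key


def open_file_header(passphrase, header):
    """On download: re-derive the file key; ValueError on a wrong passphrase."""
    if len(header) != HEADER.size + TAG_LEN:
        raise ValueError("truncated header")
    fixed, tag = header[:HEADER.size], header[HEADER.size:]
    magic, iterations, salt = HEADER.unpack(fixed)
    if magic != MAGIC:
        raise ValueError("unknown format")
    if not 1 <= iterations <= MAX_ITERATIONS:
        raise ValueError("iteration count out of range")
    enc_key, check_key = derive_keys(passphrase, salt, iterations)
    expected = hmac.new(check_key, fixed, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong passphrase or corrupted header")
    return enc_key
```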