File Security
Posted: Tue Jun 09, 2009 11:24 pm
Hey all,
Quick summary, I'm building a system that has files that are user submitted and I need them to be secure. All transactions will be done through SSL, files will be encrypted and the filenames will be regenerated. You would need access to the PHP code, MySQL database, and storage servers to access any of the files.
Main questions
What encryption algorithm should I use to encrypt the files (speed isn't really an issue, but be reasonable).
What do you think of what I have so far in terms of security?
Note
This isn't really a question about application security, SQL injection, blah blah blah, more of a question about how I'm working with the files and keeping them secure. If there is a few things I missed or a few things that I left out that you'd like to ask, ask away.
Long version
I'm currently working on a project that is going to require relatively high security. I was hoping to get a few peoples opinions on what I've thought of so far, mainly from kaisellgren.
This is what I've thought of so far. A user uploads a file, I generate a transaction ID and generate two different hashes. These hashes share the same salt and transaction ID, but a different pepper to create two different hashes. One hash is used for the filename, the other for the encryption key (each file is encrypted). All transactions are done through SSL (including when files are uploaded to the site and transferred to our storage servers and back.)
I originally thought about asking a user for a unique password for each file, adding a salt & pepper and setting the encryption key & filename from that. This way the only way for us to know the filename and encryption key would be to have that users password. This would make it hard for even someone with full file access to find the file & decrypt it. The user would have to go through each file (of millions), crack the encryption to find the correct file since he wouldn't know which file to find. This isn't an option since we need to be able to remove the file on a users request.
I hope I described it well it was actually like 3 times as long but I cut it down so hopefully I didn't miss anything.
Thanks again for anyone taking the time out of their day to read this. It will help a lot.
Quick summary, I'm building a system that has files that are user submitted and I need them to be secure. All transactions will be done through SSL, files will be encrypted and the filenames will be regenerated. You would need access to the PHP code, MySQL database, and storage servers to access any of the files.
Main questions
What encryption algorithm should I use to encrypt the files (speed isn't really an issue, but be reasonable).
What do you think of what I have so far in terms of security?
Note
This isn't really a question about application security, SQL injection, blah blah blah, more of a question about how I'm working with the files and keeping them secure. If there is a few things I missed or a few things that I left out that you'd like to ask, ask away.
Long version
I'm currently working on a project that is going to require relatively high security. I was hoping to get a few peoples opinions on what I've thought of so far, mainly from kaisellgren.
This is what I've thought of so far. A user uploads a file, I generate a transaction ID and generate two different hashes. These hashes share the same salt and transaction ID, but a different pepper to create two different hashes. One hash is used for the filename, the other for the encryption key (each file is encrypted). All transactions are done through SSL (including when files are uploaded to the site and transferred to our storage servers and back.)
I originally thought about asking a user for a unique password for each file, adding a salt & pepper and setting the encryption key & filename from that. This way the only way for us to know the filename and encryption key would be to have that users password. This would make it hard for even someone with full file access to find the file & decrypt it. The user would have to go through each file (of millions), crack the encryption to find the correct file since he wouldn't know which file to find. This isn't an option since we need to be able to remove the file on a users request.
I hope I described it well it was actually like 3 times as long but I cut it down so hopefully I didn't miss anything.
Thanks again for anyone taking the time out of their day to read this. It will help a lot.