Uploaded file encryption PLEASE HELP!!!!!!!!!!!!!!!!!!
Posted: Thu Mar 27, 2008 9:37 am
by ozzthegod
Hi,
I have been banging my head against the wall for the last 5 days. I CAN'T find any way to encrypt uploaded files (any extension: txt, pdf, mp3, exe, etc.).
I am working on a data management system and it needs to have encryption so the files people are storing with it can be accessed only from the app.
The app was created in Flex and it uses PHP to handle file upload.
The biggest problem is that I have no idea on which server it will be hosted, so the encryption I implement needs to be multi-platform (so no shell_exec, unfortunately).
I have tried anything I could think of. I even tried to pull data from the file, encrypt it and then write it back into the file, but that doesn't work properly with anything that is not txt. So that rules out mcrypt, crypt...
Does anyone have any experience with this kind of problem? If nothing else, point me in the right direction.
TNX A MILLION with a cherry on top and cream and sugar and plasma TV....
Re: Uploaded file encryption PLEASE HELP!!!!!!!!!!!!!!!!!!
Posted: Thu Mar 27, 2008 9:50 am
by Mordred
ozzthegod wrote:...so the files people are storing with it can be accessed only from the app.
Simply store them in a folder which is inaccessible from the web.
Two ways:
1. (better) Outside the web tree (any sensible hosting should provide this)
2. In a protected folder in the web tree (using the proper .htaccess directives)
Re: Uploaded file encryption PLEASE HELP!!!!!!!!!!!!!!!!!!
Posted: Fri Mar 28, 2008 3:45 am
by ozzthegod
i wish it was that easy,
ppl that i am developing this for REALLY REALLY REALLY want files to be encrypted
very sensitive data and... you can guess...
tnx for the idea

Re: Uploaded file encryption PLEASE HELP!!!!!!!!!!!!!!!!!!
Posted: Fri Mar 28, 2008 4:10 am
by Mordred
ozzthegod wrote:ppl that i am developing this for REALLY REALLY REALLY want files to be encrypted
Well, tell us what you know of encryption and keys and stuff, and what you have considered so far.
I hear that choosing a simple encryption scheme and applying it multiple times increases the security considerably. Take something basic which PHP supports natively - the best I can think of is the xor operator (be careful to use the bitwise ^, not the logical xor) and go from it - xor the data multiple times with a long random key. Do it many times - 4 or 8 times for best results. It is guaranteed to work on every PHP system, so it looks perfect for you.
Re: Uploaded file encryption PLEASE HELP!!!!!!!!!!!!!!!!!!
Posted: Wed Jun 30, 2010 8:00 am
by rufio1717
Don't bang your head against the wall. Take the easy approach and store the files in the database! I know that everyone hates this, but in your situation it is the best solution.
Code:
CREATE TABLE `files` (
    id INT NOT NULL AUTO_INCREMENT,
    user_id INT NOT NULL,
    file_name VARCHAR(40) NOT NULL,
    file LONGBLOB,
    PRIMARY KEY (id)
);
$key = "Large Random String";
Then just insert into the DB
// Builds the query string; the key and the file contents both travel inside the SQL text
$sql = "INSERT INTO `files` (`user_id`, `file_name`, `file`) VALUES ("
     . intval($user_id) . ", '"
     . mysql_real_escape_string($file_name) . "', AES_ENCRYPT('"
     . mysql_real_escape_string($file) . "', '"
     . mysql_real_escape_string($key) . "'))";
Now here is the real problem... AES_ENCRYPT SUCKS!!! If you can find a better solution let me know! In fact, does anyone know a better alternative to AES_ENCRYPT?
Re: Uploaded file encryption PLEASE HELP!!!!!!!!!!!!!!!!!!
Posted: Sat Jul 03, 2010 3:26 am
by kaisellgren
rufio1717 wrote:Now here is the real problem... AES_ENCRYPT SUCKS!!! If you can find a better solution let me know! In fact, does anyone know a better alternative to AES_ENCRYPT?
Why not just use PHP's encryption functionality and do the encryption in PHP, instead of revealing the key in the SQL query, which is likely going to end up in some logs?
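The approach suggested in the post above (encrypt in PHP so the key never appears in the SQL text), as an added example that is not part of any post in this thread. It assumes PHP 7.1+ with ext/openssl and pdo_sqlite; the helper names `encrypt_blob`/`decrypt_blob`, the in-memory SQLite table standing in for the MySQL `files` table, and the sample upload are all constructed for illustration.

```php
<?php
// Hypothetical helpers (not from the thread): AES-256-GCM via ext/openssl.
const NONCE_LEN = 12; // 96-bit GCM nonce
const TAG_LEN   = 16; // 128-bit authentication tag

function encrypt_blob(string $plain, string $key, string $aad): string
{
    $nonce = random_bytes(NONCE_LEN);            // fresh nonce for every file
    $tag   = '';
    $ct = openssl_encrypt($plain, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $nonce, $tag, $aad, TAG_LEN);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    return $nonce . $tag . $ct;                  // stored layout: nonce | tag | ciphertext
}

function decrypt_blob(string $blob, string $key, string $aad): string
{
    if (strlen($blob) < NONCE_LEN + TAG_LEN) {
        throw new RuntimeException('blob too short');
    }
    $nonce = substr($blob, 0, NONCE_LEN);
    $tag   = substr($blob, NONCE_LEN, TAG_LEN);
    $ct    = substr($blob, NONCE_LEN + TAG_LEN);
    $plain = openssl_decrypt($ct, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $nonce, $tag, $aad);
    if ($plain === false) {
        throw new RuntimeException('authentication failed: wrong key or modified data');
    }
    return $plain;
}

// Constructed demo data; a real key would be loaded from config kept outside the web tree.
$key = random_bytes(32);
$db  = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$db->exec('CREATE TABLE files (id INTEGER PRIMARY KEY, user_id INT NOT NULL, file_name VARCHAR(40) NOT NULL, file BLOB)');

$upload = "%PDF-1.4\x00\xff\xfe\r\n" . random_bytes(64);  // binary content, including NUL bytes
$name   = 'report.pdf';                                   // bound as AAD so a blob cannot be swapped between names
$ins = $db->prepare('INSERT INTO files (user_id, file_name, file) VALUES (?, ?, ?)');
$ins->bindValue(1, 7, PDO::PARAM_INT);
$ins->bindValue(2, $name);
$ins->bindValue(3, encrypt_blob($upload, $key, $name), PDO::PARAM_LOB); // only ciphertext reaches the database
$ins->execute();

$stored = $db->query('SELECT file FROM files WHERE id = 1')->fetchColumn();
if (is_resource($stored)) { $stored = stream_get_contents($stored); }  // some drivers return LOBs as streams
var_dump(decrypt_blob($stored, $key, $name) === $upload);              // binary-safe round trip
$stored[40] = chr(ord($stored[40]) ^ 1);                               // simulate a modified row
try { decrypt_blob($stored, $key, $name); } catch (RuntimeException $e) { echo $e->getMessage(), "\n"; }
```

Because the statement is prepared and only the ciphertext is bound, neither the key nor the plaintext shows up in query logs, and the GCM tag makes a modified blob fail to decrypt instead of returning garbage.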
Re: Uploaded file encryption PLEASE HELP!!!!!!!!!!!!!!!!!!
Posted: Tue Jul 20, 2010 9:53 pm
by yacahuma
Why does AES_ENCRYPT suck?
Re: Uploaded file encryption PLEASE HELP!!!!!!!!!!!!!!!!!!
Posted: Wed Jul 21, 2010 2:50 am
by Mordred
Wow, thread necromancy.
If you guys still think the built-in encryption functions suck, I still stand by my idea (above) of XOR-ing the data 4 times (or 8 times for even better security). Or you can use a one-time pad, it's proven to be 100% unbreakable. Or, if you're really really paranoid, you can combine the two - use a one time pad, but XOR it 4 times for the most benefit.