Win a copy of Node.js Design Patterns: Design and implement production-grade Node.js applications using proven patterns and techniques this week in the Server-Side JavaScript and NodeJS forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Ron McLeod
  • Rob Spoor
  • Tim Cooke
  • Junilu Lacar
Sheriffs:
  • Henry Wong
  • Liutauras Vilda
  • Jeanne Boyarsky
Saloon Keepers:
  • Jesse Silverman
  • Tim Holloway
  • Stephan van Hulst
  • Tim Moores
  • Carey Brown
Bartenders:
  • Al Hobbs
  • Mikalai Zaikin
  • Piet Souris

Store HTTPS file upload on server encrypted?

 
Ranch Hand
Posts: 154
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I need some opinions on this.

I want to be able to have a file that is uploaded to a server stored
in the encrypted state and not to be decrypted till it is downloaded by another client.
The server would act as a go between the 2 ends of the https clients.

I would need to be able to read the https stream and store it encrypted and
later read that encrypted file and send it to the client in an encrypted state.
Any ideas?
 
Ranch Hand
Posts: 618
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
That should be fine. Just do a regular file upload, store the file there without doing anything to it, and let the other user download it.

If you need to learn how to do file uploads and downloads, you can search throughout the servlet/JSP forums, and there is Apache Commons FileUpload utility that you can use (there is also tons of sample code all over the web).
 
andy armstrong
Ranch Hand
Posts: 154
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Thanks.
Sorry for being a little slow but ..

Will the file be stored encrypted?
 
Ranch Hand
Posts: 580
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
No, the file will not be encrypted for you if you do it that way. The file is decrypted for you by the transport layer prior to you receiving it. What you can do is encrypt it yourself using the Java Cryptography Extension (JCE). Now, you'll have to keep track of HOW you encrypted it. Maybe you could dynamically generate a keypair on webapp startup and store it in the ServletContext. Then, you could always use that keypair to encrypt/decrypt the file(s) as they come in and go out.
 
James Carman
Ranch Hand
Posts: 580
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Actually, you could use a symmetric cipher and just use the same key to encrypt/decrypt. DUH! I don't know why I suggested a keypair. Here's a class that uses passphrase-based encryption...



What you would do is create a ServletContextListener for your webapp. Instantiate a PassphraseCrypto object (supply your own passphrase) and add it to your ServletContext. Then, use it later when you want to encrypt/decrypt files. Now, the problem here is that the key is passphrase-based, so if someone knows your passphrase (and what algorithm you use), they can (theoretically) decrypt the files you have stored on disk. You have to decide on the likelihood of that happening. If you're trying to protect the data from people who have no idea how to do that stuff (and haven't seen this post), then you're probably safe.

However, if you can live with it, you COULD use a random passphrase. The problem with that would be that you can't decrypt files which were encrypted using a previous random value (the server went down and you brought it back up).
 
andy armstrong
Ranch Hand
Posts: 154
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Wow that is awesome.
I want to get it from the Transport Layer to storage without
decrypting it and enabling the uploaded encrypted file to be later downloaded via https and decrypted seamlessly with no client side code.

Kind of an interrupted https connection...
 
I child proofed my house but they still get in. Distract them with this tiny ad:
Thread Boost feature
https://coderanch.com/t/674455/Thread-Boost-feature
reply
    Bookmark Topic Watch Topic
  • New Topic