
Store HTTPS file upload on server encrypted?

I need some opinions on this.

I want to be able to have a file that is uploaded to a server stored
in the encrypted state and not to be decrypted till it is downloaded by another client.
The server would act as a go-between for the 2 ends of the https clients.

I would need to be able to read the https stream and store it encrypted and
later read that encrypted file and send it to the client in an encrypted state.
Any ideas?
That should be fine. Just do a regular file upload, store the file there without doing anything to it, and let the other user download it.

If you need to learn how to do file uploads and downloads, you can search throughout the servlet/JSP forums, and there is the Apache Commons FileUpload utility that you can use (there is also tons of sample code all over the web).

Thanks.
Sorry for being a little slow but...

Will the file be stored encrypted?
No, the file will not be encrypted for you if you do it that way. The file is decrypted for you by the transport layer prior to you receiving it. What you can do is encrypt it yourself using the Java Cryptography Extension (JCE). Now, you'll have to keep track of HOW you encrypted it. Maybe you could dynamically generate a keypair on webapp startup and store it in the ServletContext. Then, you could always use that keypair to encrypt/decrypt the file(s) as they come in and go out.
Actually, you could use a symmetric cipher and just use the same key to encrypt/decrypt. DUH! I don't know why I suggested a keypair. Here's a class that uses passphrase-based encryption...



What you would do is create a ServletContextListener for your webapp. Instantiate a PassphraseCrypto object (supply your own passphrase) and add it to your ServletContext. Then, use it later when you want to encrypt/decrypt files. Now, the problem here is that the key is passphrase-based, so if someone knows your passphrase (and what algorithm you use), they can (theoretically) decrypt the files you have stored on disk. You have to decide on the likelihood of that happening. If you're trying to protect the data from people who have no idea how to do that stuff (and haven't seen this post), then you're probably safe.

However, if you can live with it, you COULD use a random passphrase. The problem with that would be that you can't decrypt files which were encrypted using a previous random value (the server went down and you brought it back up).
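
The passphrase-based approach described in the post above, as an added example that is not part of the original thread (the class referred to there is not present on this page). `UploadCrypto` and its file layout are hypothetical, and PBKDF2 with a per-file salt plus AES-GCM are this example's choices, not necessarily what the poster's class used.

```java
import java.io.*;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import javax.crypto.Cipher;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.*;
/** Hypothetical helper. Stored file layout: salt(16) || iv(12) || AES-GCM ciphertext+tag. */
public final class UploadCrypto {
    private static final int SALT_LEN = 16, IV_LEN = 12, TAG_BITS = 128, ITERATIONS = 210_000; // assumed parameters
    private static final SecureRandom RNG = new SecureRandom();
    private final char[] passphrase;

    public UploadCrypto(char[] passphrase) { this.passphrase = passphrase.clone(); }

    private Cipher cipher(int mode, byte[] salt, byte[] iv) throws GeneralSecurityException {
        // A fresh salt per file gives every file its own key from the same passphrase.
        PBEKeySpec spec = new PBEKeySpec(passphrase, salt, ITERATIONS, 256);
        byte[] key = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(mode, new SecretKeySpec(key, "AES"), new GCMParameterSpec(TAG_BITS, iv));
        return c;
    }

    /** Call with the upload's InputStream (already TLS-decrypted by the container). */
    public void encrypt(InputStream plain, OutputStream stored) throws IOException, GeneralSecurityException {
        byte[] salt = new byte[SALT_LEN], iv = new byte[IV_LEN];
        RNG.nextBytes(salt); RNG.nextBytes(iv);
        stored.write(salt); stored.write(iv);
        pump(cipher(Cipher.ENCRYPT_MODE, salt, iv), plain, stored);
    }

    /** Call when serving the download; throws AEADBadTagException on a tampered file or wrong passphrase. */
    public void decrypt(InputStream stored, OutputStream plain) throws IOException, GeneralSecurityException {
        DataInputStream in = new DataInputStream(stored);
        byte[] salt = new byte[SALT_LEN], iv = new byte[IV_LEN];
        in.readFully(salt);
        in.readFully(iv);
        pump(cipher(Cipher.DECRYPT_MODE, salt, iv), in, plain);
    }

    private static void pump(Cipher c, InputStream in, OutputStream out) throws IOException, GeneralSecurityException {
        byte[] buf = new byte[8192];
        for (int n; (n = in.read(buf)) != -1; ) {
            byte[] chunk = c.update(buf, 0, n); // may be null: GCM decryption buffers until doFinal()
            if (chunk != null) out.write(chunk);
        }
        out.write(c.doFinal()); // on decrypt, plaintext is released only after the tag verifies
    }
}
```

Because the salt and IV are stored with each file, a passphrase kept in server configuration still decrypts earlier files after a restart. GCM decryption in the JDK holds the plaintext in memory until the tag is checked, so memory use grows with file size.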
Wow that is awesome.
I want to get it from the Transport Layer to storage without
decrypting it and enabling the uploaded encrypted file to be later downloaded via https and decrypted seamlessly with no client side code.

Kind of an interrupted https connection...