My app stores uploaded files on the local server. Since the uploaded files will most likely contain sensitive data, I want to store them encrypted (AES). The file could be anything from a PDF to an image, to a Microsoft document. What is the best way to accomplish this?
Are your files big? If not, consider RC4. Fast and convenient. Otherwise take a look at this thread.
The type of file (as in content) is not important. Read it into a buffer, do the encryption and write the content of the buffer back to the file. With RC4 you use the same algorithm for decryption. I use an extra ‘.enc’ extension to mark encrypted files. You could register your ‘.enc’ extension into the target OS for rapid decryption…
Most of the files should be < 5Mb. How secure is RC4?
RC4 is an encryption algorithm:
[code]
Function rc4v6(dataString as string, keyString as string) As string
  // highly optimized version of the RC4 algorithm written for Xojo 2014
  // uses pointers and MemoryBlocks for speed
  // written to follow the pseudo-code algorithm described here: http://en.wikipedia.org/wiki/Rc4
  #Pragma DisableBackgroundTasks
  #Pragma DisableBoundsChecking
  #Pragma NilObjectChecking False
  #Pragma StackOverflowChecking False

  Dim mbPlaintext as MemoryBlock = dataString // input data
  dim Plaintext as Ptr = mbPlaintext // a pointer, used for speed
  Dim mbCyphertext as New MemoryBlock(mbPlaintext.Size) // output data, same size as input
  dim Cyphertext as Ptr = mbCyphertext // a pointer, used for speed
  dim mbKey as MemoryBlock = keyString // the key, as a MemoryBlock
  dim Key as Ptr = mbKey
  dim keylength as integer = mbKey.size

  // do the Key Scheduling Algorithm (KSA)
  dim mbS as new MemoryBlock(256)
  dim S as Ptr = mbS // a pointer, used for speed

  // first, fill it with Identity (0-255)
  for i as integer = 0 to 255
    S.byte(i) = i
  next

  // now, do the KSA
  dim i,j as integer
  for i = 0 to 255
    j = (j + S.byte(i) + Key.byte(i mod keylength) ) mod 256
    // swap values of S[i] and S[j]
    dim tmp as Byte = S.byte(j)
    S.byte(j) = S.byte(i)
    S.byte(i) = tmp
  next

  // now, do the encoding
  i = 0
  j = 0
  dim U as integer = mbPlaintext.Size-1 // iterate from 0…U
  for x as integer = 0 to U
    i = (i + 1 ) mod 256
    j = (j + S.byte(i) ) mod 256
    // swap values of S[i] and S[j]
    dim tmp as Byte = S.byte(j)
    S.byte(j) = S.byte(i)
    S.byte(i) = tmp
    // K is the keystream value which is XORed with the Plaintext to make the Cyphertext
    dim K as Byte = S.byte( (S.byte(i) + S.byte(j)) mod 256)
    Cyphertext.byte(x) = Plaintext.byte(x) XOR K
  next

  return mbCyphertext
End Function
[/code]
Use a long (>16 bytes) key and RC4 is a valid choice for SOHO use.
Edit: this is an improved version of the original RC4.
The ability of ‘hackers’ to reconstruct a valid file out of gibberish without knowing the used algorithm AND the password in a LIMITED amount of time is greatly exaggerated.
Not that you want
You can use the crypto functions for this
Thanks to all who replied.
As I was following the thread Alexander posted above, someone suggested using a CLI utility to do the encryption. Since my webapp runs on a Linux server, I tested the OpenSSL method. Seems to work quite nicely for what I’m trying to accomplish.
I now need to resolve the last piece of my puzzle. See this thread if you can help.
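The OpenSSL CLI approach mentioned in the last post could look like the following on a Linux server. This is an added example, not code from the thread; the function names, the key-file location and the `.enc` suffix for output files are assumptions, and `-pbkdf2` needs OpenSSL 1.1.1 or later.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): AES-256 encryption of uploaded files at
# rest with the OpenSSL CLI. Function names and file locations are assumptions.

# new_keyfile <path>: 32 random bytes, base64 on one line, file mode 0600
new_keyfile() {
  ( umask 077; openssl rand -base64 32 > "$1" )
}

# encrypt_upload <plaintext-file> <key-file>  ->  writes <plaintext-file>.enc
encrypt_upload() {
  local src="$1" keyfile="$2"
  ( umask 077   # ciphertext readable by the app user only
    # -pass file: keeps the secret out of argv (visible in `ps`);
    # -salt gives each file a fresh random salt, -pbkdf2 derives key and IV from it.
    openssl enc -aes-256-cbc -salt -pbkdf2 -iter 200000 \
      -pass "file:$keyfile" -in "$src" -out "$src.enc" )
}

# decrypt_upload <encrypted-file> <key-file>  ->  plaintext on stdout,
# so the web app can stream it to the client without writing it to disk
decrypt_upload() {
  openssl enc -d -aes-256-cbc -pbkdf2 -iter 200000 \
    -pass "file:$2" -in "$1"
}

# Round trip on a constructed sample file; returns 0 on success.
demo() {
  local dir rc=0
  dir=$(mktemp -d) || return 1
  new_keyfile "$dir/upload.key"
  printf 'constructed sample upload\n' > "$dir/report.pdf"
  encrypt_upload "$dir/report.pdf" "$dir/upload.key" &&
    decrypt_upload "$dir/report.pdf.enc" "$dir/upload.key" |
      cmp -s - "$dir/report.pdf" || rc=1
  rm -rf "$dir"
  return $rc
}

if [ "${1:-}" = "demo" ]; then demo && echo "round trip ok"; fi
```

`openssl enc` in CBC mode does not authenticate the ciphertext, so a modified `.enc` file is not reliably detected on decryption. Keep the key file outside the upload directory and the web root.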