Hi,

I have a question about the possibility to encrypt and decrypt files with via web with perl or php script + gnupg.

There is a file hosting service where the user can upload the files and with a download page the user can download the page.

My question is: is possible ofr the user that upload file encrypt a files (like mp3, doc or rar) with only insert a code word.

For exmaple: the user upload the files, near the uploaded file there is a form that the user inser a word code (like ) ... there is a perl script or php tha call the gnupg and crypt the files.
In the download page there is a form to inser the same word code (£$%&fhfu890) and there is a script perl or php that call the gnupg and decrypt the files.

Remeber the code word is need for the user not for the file hosting system.

for you this is possible or is only fantasy ?

thank you

Why do you think you need gpg for that ? The usefulness of gpg comes from the fact that the data is encrypted with public key and then you need secret key to unlock it. If you store both keys in the same place you beat the purpose of it. In order to do this with gpg you would need to create gpg keys for each user and move them around and use them to crypt / decrypt data. I think you should look in some simpler solution. Even simple one-step-pad should work for you using passphrase as key and file as a string to crypt. I never used it on any large amount of data so I am not sure how efficient would it be though when used on large rars and mp3s.

thank you very much for your answer sasha.

So, the gnupg is not a good solution.

Sorry If I make another question but what is a good solution for this idea ?

You wrote: Even simple one-step-pad should work for you using passphrase as key and file as a string to crypt. I never used it on any large amount of data so I am not sure how efficient would it be though when used on large rars and mp3s."

Can you tell me some information about this ?

Thank you very much

Michele

You are going to want to chose an approach that is focussed on speed, if you plan on encrypting the files themselves. For example, a Python implementation of AES or Blowfish is between 3 and 4.5 times faster than an implementation of ARC2. You'll likely want to use a C implementation if you are encrypting and decrypting a great many larger binary files.

Or, store the files unencrypted, but manage access in a secure manner.

This is php implementation of one-time-pad. The key is your password. With proper key this is unbreakable encryption. I just mentioned this method to contrast it to more complex gpg idea.

As i said before I do not think this would be too efficient in you scenario. I do not know all details of your project so I am not sure which is the bast way. If I would have to do this with many files in shared enviroment i would encrypt only first part of the file (4098 bytes or something like that) which would make it unusable enough without password. It is hard to tell which is the best encryption to use. You could just dump first 4kb of the file in mysql database and encrypt it with EAS_ENCRYPT using user supplied password as key. I envy you on that project - whatever it is - it sounds fun.




// only problem with two-time-pad is that it can be broken if you use the same key
// multiple times. that is why we make random salt to spice things up
// store this in the database so you can retrieve it later for decryption.
$salt = makeSomeRandomString();

//$password is already provided by user
$encrypted = encrypt ($filecontents , $salt . $password ) ;

function encrypt ($string, $key){
$result = '';
if (!$string || !$key) {
return false ;
}
for($i=1; $i<=strlen($string); $i++){
$char = substr($string, $i-1, 1);
$keychar = substr($key, ($i % strlen($key))-1, 1);
$char = chr(ord($char)+ord($keychar));
$result.=$char;
}
return $result;
}

function decrypt($string, $key){
$result = '';
if (!$string || !$key) {
return false ;
}
for($i=1; $i<=strlen($string); $i++){
$char = substr($string, $i-1, 1);
$keychar = substr($key, ($i % strlen($key))-1, 1);
$char = chr(ord($char)-ord($keychar));
$result.=$char;
}
return $result;
}

Thank you very very much Sasha,

I'm a newbie to the encrypt way.

So you tell that for make unaccesible a file at user without password there is the possibility to encry only a smal part of its and the resoult is all the file is protect ..?
Is ok ?

The scenario of my project is this: in Italy with the new Privacy law for share some document like personal private data is need have some minimal securty level on the system: a password for download, antivirus, firewall ecc ecc.

I think that the user upload a files (like a video file) and for have more security there is a sistem for make unusable this file if for a not luck the hacker enter in the server and download the file without the agree of the upload user.

The crypt and decrypt system need to be very easy to the user.
The user insert a keyword in a form and the file will be crypt and the user insert the same keywor in a for for decrypt the files and download the files.
Because the user that use this system is not a internet/web/system tech but "normal" people.

I believed that gnupg is a good idea but is completly out of the project.

So this is the scenario.

Sasha, please tell me if with php or perl there is a solution for this.

Thank you very much

Michele

Sorry for not responding earlier. Yeah, php or perl could easy handle what you need. There is no absolute security so if someone does obtain full access to server you cannot protect files but at least you can protect them enough to show the best intention and avoid any liability. To do this it should be enough to strip first few Kb from the start of the file and store that part encrypted in the database and the rest of the file unencrypted and store it on disk. When file is requested you would have to put it back together which should be simple task. If you have unlimited resources that would make performance a non-issue you could encrypt entire file. You would have to try few different encryption methods and storage mechanisms to see which one works the best for you but it is all doable.

Check out Crypt::GPG (http://search.cpan.org/~agul/Crypt-GPG-1.52/GPG.pm) if you still want to use perl for this. perl is more than equipped for this task, but it's your choice :-)