Encrypted web storage

Alex53 · 18 May 2010 at 16:00

I want to have files on a dedicated server at my ISP, to share with other users, but these are confidential and would not like them to be on the server unencrypted.

On the other hand having to use file encryption software before uploading and then asking the other users to decrypt the files each time they download seems is a bit of a nightmare.

So, maybe, it could a combination of hard disk/volume encryption, so that locally stuff is encrypted, and HTTPS so that communications are encrypted, so once users are logged in with their credentials they dont have to manually encrypt or decrypt anything.

Am I making sense here? If I am, what software do you guys know of I could use?

tntcoder · 18 May 2010 at 16:22

Heres a few options for you,

If you want them to be secure on the server i.e so your ISP (and anyone that hacks your server) can't read the data then you need to encrypt them before uploading and decrypt after download. There isn't really anyway around this.

If you want to do it overtly, use the program ccrypt, it might well already be installed on your disto. Just run it as "ccrypt -e myfile" enter password & upload. Your other users download it and run "ccrypt -d myfile" enter password and view the plaintext.
If your going to have numerous people logging in, then sharing 1 password gets more and more tricky, and you should probably consider using public/private keys with the gpg tool.

If the other users you are sharing with all use Linux or Macs then you could consider EncFS, it's a userspace encrypted file system and you could create it on your server then mount it locally over SSH. This is a neat solution. If you don't mind the initial setup complexity it's a nice way to both use data locally with ease and transport it securely & store it securely on the server. This blog post explains how to set it up: http://balau82.wordpress.com/2009/08/23/secure-remote-storage-using-sshfs-and-encfs/

You could also consider a 3rd party for this. There's numerous companies that offer secure storage online for fair prices (if you trust them...

). (Dropbox maybe?)

Also there's the possibility of true crypt volumes, you would have to upload & download them but it would offer compatibility across different operating systems.

Hope that helps.

Alex53 · 18 May 2010 at 17:11

Thanks for the quick reply. How would the truecrypt solution work? (none of the users uses linux :/ the only linux system here is the web server)

tntcoder · 18 May 2010 at 17:20

Alex53 said:
Thanks for the quick reply. How would the truecrypt solution work? (none of the users uses linux :/ the only linux system here is the web server)

Ok that complicates things a little.

To use truecrypt you would simply create a local container, put some files in it then upload it to the server (ftp/sftp). Other users would download it (ftp/sftp) and access it locally with truecrypt. Anytime something is modified the container would need to be uploaded again. So essentially the server just needs to provide file storage.

Another option would be to make a web application, running over https and run it on the server. For example you could make a PHP upload file script that accepts files and encrypts them before writing to disk. Then other users could download them. The web application could handle all the encrypting and decrypting then the users get it over https. Maybe something like this exists already, worth searching. That might work nicely for you actually.

Ill see if i can find any PHP apps for that kind of thing if your server supports PHP/SSL.

Or if you want to keep things simple, encrypted zip files and give everyone the password.