Encrypted file transfer and storage
Permalink
Hi All.
One of my sites has asked if it would be possible to manage the sharing of highly sensitive documents and I am wondering if this is possible with Concrete5 and whether I want to take the risk?
Specifically the capability is to allow groups to upload the files to shared areas they control, at the same time encrypting these files with a password as part of the process.
Members granted permission to do so would be able to download the file/s and use the password to decrypt the file/s onto their local machine.
At no time should an unencrypted part of the file be in transit or stored on the server and the password information is only ever transferred in an encrypted format. Something like that.
I asked the question of the Document Manager team and Greg came back saying that it offers a subset of the File Manager with no encryption capabilities, but that I may get some interesting answers from you the developers.
It occurs to me that someone may be working on a Concrete5 plugin for Mega.
Here's hoping.
Russ.
One of my sites has asked if it would be possible to manage the sharing of highly sensitive documents and I am wondering if this is possible with Concrete5 and whether I want to take the risk?
Specifically the capability is to allow groups to upload the files to shared areas they control, at the same time encrypting these files with a password as part of the process.
Members granted permission to do so would be able to download the file/s and use the password to decrypt the file/s onto their local machine.
At no time should an unencrypted part of the file be in transit or stored on the server and the password information is only ever transferred in an encrypted format. Something like that.
I asked the question of the Document Manager team and Greg came back saying that it offers a subset of the File Manager with no encryption capabilities, but that I may get some interesting answers from you the developers.
It occurs to me that someone may be working on a Concrete5 plugin for Mega.
Here's hoping.
Russ.
Thanks for your suggestions.
Problem with a VPN is installing the client software on a Users machine to access the file store, though it would certainly rank as one of the most secure methods.
Problem being that some of the Users would be members of the public on short lease permissions to access certain shared areas to download the files. I can see a problem supporting the install of VPN client software for them.
I will have a look at the Zend encrypt library, though as a fairly agricultural developer myself I would be uncertain that my security solution dotted all the i's and crossed all the t's in terms of being super secure. Hence my request to the other developers of Concrete5 for ideas, gratefully received.
Mega ishttp://mega.co.nz and pretty awesome, if it is secure that is.
Problem with a VPN is installing the client software on a Users machine to access the file store, though it would certainly rank as one of the most secure methods.
Problem being that some of the Users would be members of the public on short lease permissions to access certain shared areas to download the files. I can see a problem supporting the install of VPN client software for them.
I will have a look at the Zend encrypt library, though as a fairly agricultural developer myself I would be uncertain that my security solution dotted all the i's and crossed all the t's in terms of being super secure. Hence my request to the other developers of Concrete5 for ideas, gratefully received.
Mega ishttp://mega.co.nz and pretty awesome, if it is secure that is.
Taking a step back, assuming the site is on the Internet rather an intranet, I wonder why your client wants to store files in this way?
If they need to be visible only to authorised personnel there are probably better solutions. Assuming the personnel are in geographically disparate locations, and the Internet must be used, then perhaps a VPN connecting those personnel to a central network may be better.
Going back to your proposed solution, I would agree that the core teams Document Manager plugin is a good start. Assuming some along the line it uses the Zend_File_Transfer class, that class provides encrypt/decrypt filters, so perhaps the required modifications would not be big. This type of mod is beyond my capability at the moment, sorry, I can't offer any more guidance.
Finally, you will need to ensure HTTPS connection is used for the file transfers to/from the site and browser.
BTW what is 'Mega'?