[ZendTo] Re: feature request - encryption (UNCLASSIFIED)

Jules Jules at Zend.To
Tue Oct 1 21:47:14 BST 2013


But you can make openssl take it from stdin with "-pass stdin" at which 
point you can inject it down the pipe to the command, so it cannot be 
seen with "ps" on the command-line args, and there are no prompts that 
you have to parse to drive it.

So openssl wins every time. And on the decryption side (you don't want 
to create a decrypted file on the local filesystem every time a user 
downloads it if you can possibly avoid it), if you don't specify -out 
then it puts it on stdout which you can read from the pipe to the command.

+2 for openssl, +0 for gpg. :-)

Jules.

On 01/10/2013 20:34, Kash, Howard M CIV (US) wrote:
> Classification: UNCLASSIFIED
> Caveats: NONE
>
>
> OpenSSL or GPG can do it:
>
> Encrypt:
>
>     openssl enc -aes-256-cbc -salt -in file.tar -out file.tar.enc
>     gpg -c --cipher-algo AES256 file
>
> Decrypt:
>
>     openssl enc -d -aes-256-cbc -in file.tar.enc -out file.tar
>     gpg file.gpg
>
>
> GPG doesn't appear to have an argument to specify the passphrase; it prompts for it. OpenSSL has the -k option. But putting the passphrase on the command line makes it vulnerable to exposure.
>
>
> Howard
>
>
> -----Original Message-----
> From: zendto-bounces at zend.to [mailto:zendto-bounces at zend.to] On Behalf Of Jules
> Sent: Tuesday, October 01, 2013 11:35 AM
> To: ZendTo Users
> Subject: [ZendTo] Re: feature request - encryption
>
> Good idea, I like it!
>
> Finally a reasonable way of providing encryption.
>
> However, you wouldn't be able to "Re-Send Dropoff" if it's encrypted.
> But other than that, it sounds good. It would also have to ask for the
> encryption key as well as the Claim ID and Passcode if you do a manual
> pickup, but that's easy enough.
>
> Anyone feeling generous enough to investigate a suitable command-line
> encryption command to do this? Can "gpg" do simple encryption like this,
> or do we need to use something else? I want to use something everyone
> will already have if possible, or else a PHP library to do it
> (command-line would be better).
>
> Jules.
>
> P.S. Sorry for the huge delay in replying to this, I've been off sick
> having 8 operations, and am still not back at work yet.
>
>
> On 14/08/2013 08:16, Phil Daws wrote:
>> That is not a bad idea at all. As this would mean that the recipient would require software to decrypt the file, it may become cumbersome. Perhaps the file(s) are encrypted with a random key and that is then held in the ZendTo database. When the pickup occurs the file is then decrypted and delivered via HTTPS. Thoughts?
>>
>> ----- Original Message -----
>> From: "Patricia A Smith" <raman2 at sbcglobal.net>
>> To: zendto at zend.to
>> Sent: Tuesday, 13 August, 2013 5:51:26 PM
>> Subject: [ZendTo] feature request - encryption
>>
>> I wonder if ZendTo can add a feature to encrypt the uploads as it saves the drop-off. The simplest method would be something like this.
>>
>> 1. The uploaded file(s)/drop-off is encoded using a randomly generated key.
>> 2. The recipient receives the URL link plus the encrypted key which can be used to decrypt the file.
>>
>> This is very useful in that the data is encrypted at rest in the ZendTo server and can be used to store sensitive files.
>>
>>
>> _______________________________________________
>> ZendTo mailing list
>> ZendTo at zend.to
>> http://mailman.ecs.soton.ac.uk/mailman/listinfo/zendto
>>
>> Jules
>>
>> --
>> Julian Field MEng MBCS CITP CEng
>>
>> 'If I were a Brazilian without land or money or the means to feed
>>    my children, I would be burning the rain forest too.' - Sting
>>
>> www.Zend.To
>> Twitter: @JulesFM
>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>
>
> Jules
>
> -- 
> Julian Field MEng MBCS CITP CEng
>
> 'What happened in the past that was painful, has a great deal to
>   do with what we are today.' - William Glasser
>
> www.Zend.To
> Twitter: @JulesFM
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
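
The two points made at the top of this message (passphrase fed with "-pass stdin", decryption streamed to stdout by omitting -out) look like this as a shell script. This is an added example, not part of the original thread and not ZendTo code; the function names, temporary paths and sample passphrase are constructed for illustration.

```shell
#!/bin/sh
# Added example, not ZendTo code. Function names and sample data are constructed.
# Cipher flags are the ones quoted in the thread. OpenSSL 1.1.1 and later also
# accept -pbkdf2 for a stronger key derivation; it must then be used on both sides.

# encrypt_dropoff PASSPHRASE PLAIN_FILE ENCRYPTED_FILE
# printf is a shell builtin, so the passphrase is never in any process's
# argument list (nothing for "ps" to show). openssl takes the first line of
# stdin as the passphrase, which is why the data must come from -in, not stdin.
encrypt_dropoff() {
    printf '%s\n' "$1" |
        openssl enc -aes-256-cbc -salt -pass stdin -in "$2" -out "$3"
}

# decrypt_dropoff PASSPHRASE ENCRYPTED_FILE
# No -out: the plaintext goes to stdout, so the caller can stream it to the
# download without writing a decrypted copy to the local filesystem.
decrypt_dropoff() {
    printf '%s\n' "$1" |
        openssl enc -d -aes-256-cbc -pass stdin -in "$2"
}

# roundtrip_ok: encrypt a constructed file, decrypt it into a pipe and compare.
# Returns 0 when the streamed plaintext is byte-identical to the input.
roundtrip_ok() {
    work=$(mktemp -d) || return 1
    pass='constructed passphrase with spaces'
    printf 'constructed sample drop-off contents\n' > "$work/plain"
    rc=1
    if encrypt_dropoff "$pass" "$work/plain" "$work/enc"; then
        # cmp reads the decrypted stream from the pipe; no plaintext file is made
        if decrypt_dropoff "$pass" "$work/enc" | cmp -s - "$work/plain"; then
            rc=0
        fi
    fi
    rm -rf "$work"
    return $rc
}

if roundtrip_ok; then
    echo "round trip ok"
else
    echo "round trip failed" >&2
fi
```

The exit status of each function is that of openssl, so a caller should check it before sending any decrypted output on to the client.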

