I am dealing with a concept for a project that includes absolutely critical data.
The most important part is that it should be stored in encrypted form.
The encrypted file system on which the server serving the files is installed is not enough.
The decryption key must be passed to the request URI on a secure connection, along with the hash and timestamp.
The hash based on the timestamp, key, and file name checks the URI and stores it in a list, so it can only be retrieved once.
The important part now is that the web server must take the file from disk and decrypt it using the key that it received from the request URI.
It must also be efficient and fast. It also requires an encryption method that does not require scanning the entire file. so the file can be decrypted. I think that AES can do this with given sizes of blocks that are encrypted by the atom.
Thus, one of the options will read the source file in a php script in pieces of several megabytes, where I decrypt using aes and print the decrypted content. The script then forgets the previous data and continues the next fragment until the eof is gone.
If aes does not support, I can simply encrypt fragments of a certain file size separately, combine them and do the same when serving files. however, I would like to adhere to one standard that I do not need to invent, so I can also use standard libraries to encrypt files.
.
- apache/lighttpd/nginx - ?