Hi All,

This is my first time dealing with data and file encryption over the web and
was hoping someone could lend a helping hand. My client has the following
requirements. They wish to allow their users to upload files (xls, xml, and
pdf formats) that contain sensitive information. I am trying to determine the
following:

a) Best option for upload (FTP vs form upload)

b) Best method to encrypt the data on the client and decrypt on the server.

Any recommendations or readings would be greatly appreciated.

Thanks in advance,
Jen

Before discussing any technological implementations, understand what problem
you wish to solve:

- does the encrypted data need to be stored as encrypted on the server?
- can ONE decryption key, protected at the server decrypt ALL the encrypted data
    submitted by users?  Does the (trusted and secured) server need to use the
    decrypted client sensitive data submitted?
    If so, then one solution is to deploy an RSA (preferably 2048 bit) keypair/cert at the server
    and provide access to the corresponding public key/certificate to users to encrypt
    (with this server-public key) their data files using several different approaches (similar
     to signing emails to recipients).

It is really important to understand these issues clearly first before looking at available
technology solutions.

A common quote:
"if you think cryptography is the solution to your problem, you either don't understand the cryptography or you don't
understand your problem"

Make sure you clearly understand your problem first.

- Mitch

Show quoteHide quote

Login failed for user ''. The user is not associated with a trusted SQL Server connection.
Encrypted Data Storage ? HowTo ?
WebService Windows Authentication ASP.NET 2.0
Impersonate
Digital Signaturing
users and roles
Problems with AzMan interop and CLR 2
Ent. Library w/DB 2 registry access problem
internet explorer 6 sp2
¤ China ZhongZhan Aids Mei Mei