first of all, sorry if my question is not clear, because English is not my first language. Anyway, let-me explain the concept I'm struggling to solve as the best solution. I have some guys, and they want privacy for their cloud (hosting their files). Ok, cryptography is the way to go I believe. So I did some quick research and found that I can crypt their files with PHP and store them crypted in the cloud's server. But this way, to decrypt their files and give them a download of the original file, I'll need to get their crypt key (supposed to be secret and kept only in client side) and use it in PHP mcrypt, to decrypt the file. This way, I create a possibility to 'hook' their crypt keys, and decrypt their files even without the permission. Ok, I don't pretend to do that, but I want to "wash my hands" (maybe this expression doesn't work well in English, but try to understand) about what they are hosting there. If anytime, for legal purposes I get obligated to get the key of some user and decrypt the files, I just don't want to have any ways to do that. Is there any way to do this with the PHP mcrypt library? Maybe doing some hashing function with their crypt key (just supposing) or maybe processing the downloaded file in the client side via javascript (is that even possible?)
Aucun commentaire:
Enregistrer un commentaire