Encrypting file contents
Our product has a web interface through which user can download configuration file.
The file is associated with a passphrase. The format of file is binary and it has different types of records with each record of different data structure.
When user downloads this file I want the dowloaded file not to be readable. Also if user edits the downloaded file and make some changes and uploads it again, I don't want it to be uploaded in our product.
I was looking for a solution by which I can make this file read only and hence not editable by user. Is there a way to achieve this?
Or is there any algorithm by which I can come to know that file is modified while uploading? some sort of signature???
I am using linux C, CGI for web development.
Hi Sumitv... file hash algorithms were invented for this function. Will need a common key though. Check out md5, sha etc. for possible implementations. Most types included in Linux distros by default.
As for permissions... that a bit more difficult, as by allowing the download, control of the file passes to the user, at which point they can modify permissions at will. Will need to encrypt - zip?
Cheers, hope this helps a bit?
Thanks for your reply. It helped me.
I found a way to encrypt the file using different alogorithms. I also observed some of the algorithms are readily available with source code. But all these algorithms require a password to be entered by user, which is not possible in my case.
I have a backend C code which runs independent of user. I have to encrypt the contents of the file and make it user unreadbale. I am OK if it is not password protected. Is there a way to achieve this?
You said that every file is associated with a passphrase. Why not just use that passphrase as the user-entered password?
You are right. Every file is associated with a passphrase. But this passphrase is sent through web user interface and at the backend we have linux cgi code along with shell script. We get this passphrase at the backend.
I am investigating how can we send this passphrase to gpg(or any other encryption utility) program through shell script without requiring user to input that. Is there a way?
Thanks for the reply.