Posted to ftpserver-users@mina.apache.org by Vincent Pazeller <vi...@gmail.com> on 2013/03/06 18:59:34 UTC

Using FtpServer to transparently encipher files

Hello all,

I am new to FtpServer and I am planning to use it. Before, I would like to
know if anyone could confirm it will suit my needs... Basically, I would
like to ensure secure storage on the server by transparently encrypting a
file as soon as it is uploaded and decrypting a file as soon as it is downloaded.
Has anyone any experience with this?

My feeling is that Ftplets would allow to do this. Here is what I would
like to do:

For uploads: create a onUploadEnd Ftplet and use a symmetric encryption
algorithm (or PGP) to encrypt the uploaded file automatically
To ensure this is feasible, I would need (I think):

1) Possibility to obtain the user plain password or a session key no one can
obtain and is constant per user (so I can use something like SHA2(password
+ salt) as the key)
2) Possibility to easily access the uploaded file's data (to change the
content). Ideally before it is even written to disk (So that the plain file
is never actually stored on the disk before being encrypted)

For downloads: create a onDownloadStart Ftplet and use a symmetric
encryption algorithm to decrypt the file automatically before the download
To ensure this is feasible, I would need (I think):

1) Possibility to obtain the user plain password/session key (so I can use
something like SHA2(password + salt) as the key)
2) Possibility to change the data before file is downloaded. The best would
be to be able to access the file, decrypt it and send the decrypted data...

Has anyone any idea on the feasibility of this?

The crypto-system will be more complicated than this of course (this one
only allows one user to access the data), but if this one is feasible,
there is no limit to use something like PGP to allow multi-user access

I would appreciate any advice from people knowing FtpServer deeper than me
and more precisely on what we can do with FtpLets or if there is a much
simpler solution to my needs, of course :)

Best Regards

Vincent Pazeller

Re: Using FtpServer to transparently encipher files

Posted by John Hartnup <jo...@gmail.com>.
... using Spring.


On 8 March 2013 10:59, John Hartnup <jo...@gmail.com> wrote:

> You can create your own implementations of FtpFile, FilesystemView and
> FilesystemFactory. You typically need all three - a FilesystemFactory
> provides a way to create FilesystemViews, and a FilesystemView produces
> FtpFiles.
>
> FtpServerFactory has a setFilesystem() method, so you can inject your
> custom FilesystemFactory there.



-- 
"There is no way to peace; peace is the way"

Re: Using FtpServer to transparently encipher files

Posted by John Hartnup <jo...@gmail.com>.
You can create your own implementations of FtpFile, FilesystemView and
FilesystemFactory. You typically need all three - a FilesystemFactory
provides a way to create FilesystemViews, and a FilesystemView produces
FtpFiles.

FtpServerFactory has a setFilesystem() method, so you can inject your
custom FilesystemFactory there.


On 8 March 2013 10:39, Vincent Pazeller <vi...@gmail.com> wrote:

> Hi, thank you for the answer.
>
> Is there any example of implementing a custom file system (I have seen
> FtpFile Interface)? Do I need to modify the source directly? Is there a way
> to hook my own custom filesystem class by configuration (e.g. like
> FtpLets)? (I don't like modifying sources, it breaks updates).
>
> Otherwise, I have seen that we have full access to User password! Great. I
> wonder why no one has done something like this already? No one cares for
> transparent secure data storage?
>
> Best Regards



-- 
"There is no way to peace; peace is the way"

Re: Using FtpServer to transparently encipher files

Posted by Vincent Pazeller <vi...@gmail.com>.
Hi, thank you for the answer.

Is there any example of implementing a custom file system (I have seen
FtpFile Interface)? Do I need to modify the source directly? Is there a way
to hook my own custom filesystem class by configuration (e.g. like
FtpLets)? (I don't like modifying sources, it breaks updates).

Otherwise, I have seen that we have full access to User password! Great. I
wonder why no one has done something like this already? No one cares for
transparent secure data storage?

Best Regards

On Wed, Mar 6, 2013 at 8:26 PM, Niklas Gustavsson <ni...@protocol7.com> wrote:

> I would recommend you to have a look at implementing this using a
> custom file system instead of as an Ftplet. Doing so will be a more
> natural way to intercept files as they are needed. In particular, look
> at FtpFile.createOutputStream() and FtpFile.createInputStream().
>
> /niklas
>

Re: Using FtpServer to transparently encipher files

Posted by Niklas Gustavsson <ni...@protocol7.com>.
On Wed, Mar 6, 2013 at 6:59 PM, Vincent Pazeller
<vi...@gmail.com> wrote:
> I am new to FtpServer and I am planning to use it. Before, I would like to
> know if anyone could confirm it will suit my needs... Basically, I would
> like to ensure secure storage on the server by transparently encrypting a
> file as soon as it is uploaded and decrypting a file as soon as it is downloaded.
> Has anyone any experience with this?
>
> My feeling is that Ftplets would allow to do this. Here is what I would
> like to do:
>
> For uploads: create a onUploadEnd Ftplet and use a symmetric encryption
> algorithm (or PGP) to encrypt the uploaded file automatically
> To ensure this is feasible, I would need (I think):
>
> 1) Possibility to obtain the user plain password or a session key no one can
> obtain and is constant per user (so I can use something like SHA2(password
> + salt) as the key)
> 2) Possibility to easily access the uploaded file's data (to change the
> content). Ideally before it is even written to disk (So that the plain file
> is never actually stored on the disk before being encrypted)
>
> For downloads: create a onDownloadStart Ftplet and use a symmetric
> encryption algorithm to decrypt the file automatically before the download
> To ensure this is feasible, I would need (I think):
>
> 1) Possibility to obtain the user plain password/session key (so I can use
> something like SHA2(password + salt) as the key)
> 2) Possibility to change the data before file is downloaded. The best would
> be to be able to access the file, decrypt it and send the decrypted data...
>
> Has anyone any idea on the feasibility of this?
>
> The crypto-system will be more complicated than this of course (this one
> only allows one user to access the data), but if this one is feasible,
> there is no limit to use something like PGP to allow multi-user access
>
> I would appreciate any advice from people knowing FtpServer deeper than me
> and more precisely on what we can do with FtpLets or if there is a much
> simpler solution to my needs, of course :)

I would recommend you to have a look at implementing this using a
custom file system instead of as an Ftplet. Doing so will be a more
natural way to intercept files as they are needed. In particular, look
at FtpFile.createOutputStream() and FtpFile.createInputStream().

/niklas
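
Added example, not part of the original thread and not FtpServer project code: the stream wrapping a custom FtpFile could perform in createOutputStream(long offset) and createInputStream(long offset), so that only ciphertext reaches the disk. The class and method names, the AES-GCM file layout (IV, then ciphertext and tag), the PBKDF2 iteration count and the sample password and salt are assumptions; PBKDF2 is used here in place of the SHA2(password + salt) derivation discussed in the thread.

```java
import javax.crypto.*;
import javax.crypto.spec.*;
import java.io.*;
import java.nio.charset.StandardCharsets;
import java.security.*;

// Hypothetical helper: wrappers for the raw on-disk streams of a delegate FtpFile.
public class EncryptedStreams {
    static final int IV_LEN = 12, TAG_BITS = 128;

    // Per-user AES-256 key from the login password (PBKDF2 instead of a bare SHA-2 hash).
    static SecretKey deriveKey(char[] password, byte[] salt) throws GeneralSecurityException {
        PBEKeySpec spec = new PBEKeySpec(password, salt, 200_000, 256);
        byte[] k = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
        return new SecretKeySpec(k, "AES");
    }

    static Cipher gcm(int mode, SecretKey key, byte[] iv) throws GeneralSecurityException {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(mode, key, new GCMParameterSpec(TAG_BITS, iv));
        return c;
    }

    // Upload path: write a fresh random IV, then hand back a stream that encrypts on the fly.
    static OutputStream encrypting(OutputStream disk, SecretKey key, long offset)
            throws IOException, GeneralSecurityException {
        if (offset != 0) throw new IOException("resume/append not supported on encrypted files");
        byte[] iv = new byte[IV_LEN];
        new SecureRandom().nextBytes(iv);
        disk.write(iv);
        return new CipherOutputStream(disk, gcm(Cipher.ENCRYPT_MODE, key, iv));
    }

    // Download path: read the stored IV back, then decrypt and authenticate while streaming.
    static InputStream decrypting(InputStream disk, SecretKey key, long offset)
            throws IOException, GeneralSecurityException {
        if (offset != 0) throw new IOException("restart offsets not supported on encrypted files");
        byte[] iv = new byte[IV_LEN];
        new DataInputStream(disk).readFully(iv); // EOFException if the file is truncated
        return new CipherInputStream(disk, gcm(Cipher.DECRYPT_MODE, key, iv));
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample password and salt, for the round trip only.
        SecretKey key = deriveKey("constructed-password".toCharArray(), "constructed-salt".getBytes(StandardCharsets.UTF_8));
        ByteArrayOutputStream disk = new ByteArrayOutputStream(); // stands in for the file on disk
        try (OutputStream out = encrypting(disk, key, 0)) { out.write("hello upload".getBytes(StandardCharsets.UTF_8)); }
        try (InputStream in = decrypting(new ByteArrayInputStream(disk.toByteArray()), key, 0)) {
            System.out.println(new String(in.readAllBytes(), StandardCharsets.UTF_8));
        }
    }
}
```

A file system built on these wrappers should report itself as not random-accessible, since an offset into the ciphertext cannot be decrypted or authenticated on its own. The JDK's GCM implementation holds decrypted data back until the tag is verified, so very large files are better split into independently authenticated chunks.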