PiZilla icon indicating copy to clipboard operation
PiZilla copied to clipboard

Published 20 hours ago verified publisher icon NITDgpOS

Password based file encryption

Open nkprince007 opened this issue 7 years ago • 10 comments

Reference: https://stackoverflow.com/questions/35449630/how-to-encrypt-file-using-express-multer

nkprince007 avatar Oct 15 '17 17:10 nkprince007

@nkprince007 I would like to up this issue.

pranay414 avatar Dec 22 '17 08:12 pranay414

Sure, go ahead.

nkprince007 avatar Dec 22 '17 10:12 nkprince007

@nkprince007 can you elaborate this issue?

pranay414 avatar Dec 23 '17 07:12 pranay414

Sure, multer provides an event onFileUploadComplete which can be configured to our requirement. Once the file upload is done, use any encryptor of your liking (preferably file-encryptor) and encrypt the file with the same name. When user tries to access that resource, you'd need to a password based verification which, on acceptance should be able to download the file.

However, make sure that encryption is only optional and not enforced.

nkprince007 avatar Dec 23 '17 07:12 nkprince007

@nkprince007 I found that event callbacks don't work. Ref: https://stackoverflow.com/questions/32045027/multer-callbacks-not-working. What to do in this case?

pranay414 avatar Dec 26 '17 13:12 pranay414

Well, in that case we could ditch multer and use some other library like formidable perhaps and write a handler for the /upload route which parses the form POSTed by the frontend dropzone.

Reference: https://gist.github.com/paambaati/db2df71d80f20c10857d#file-upload_demo_nodejs-js

nkprince007 avatar Dec 27 '17 11:12 nkprince007

@nkprince007 can you tell me how will a user download an uploaded file from the server?, btw I have implemented formidable and have encrypted the file successfully. Also is it necessary to store encrypted file in uploads directory and delete the original file after encryption?

pranay414 avatar Dec 28 '17 18:12 pranay414

Yes, you'd need to delete the original once encryption is done. Actually, for now, I'm serving the entire directory statically instead of a standard download procedure. I'd rather want to proceed with the same thing than writing a download procedure. So, if possible, try to compress the files once uploaded and then use encryption on the zipped file rather than encrypting the file. And it should be possible to manually decrypt the file (offline too) with a password.

nkprince007 avatar Dec 29 '17 06:12 nkprince007

@nkprince007 any references on how to manually decrypt(offline too) with a password. I compressed the files using fs.exec() and then encrypted it as a .dat file, is it ok?

pranay414 avatar Dec 30 '17 10:12 pranay414

https://stackoverflow.com/questions/14829782/generate-a-password-protected-zip-file-in-node-js

nkprince007 avatar Dec 30 '17 18:12 nkprince007