Hi, thank you for the answer. Is there any example of implementing a custom file system (I have seen FtpFile Interface)? Do I need to modify the source directly? Is there a way to hook my own custom filesystem class by configuration (e.g. like FtpLets)? (I don't like modifying sources, it breaks updates).
Otherwise, I have seen that we have full access to User password! Great. I wonder why no-one has done something like this already? No-one care for transparent secure data storage? Best Regards On Wed, Mar 6, 2013 at 8:26 PM, Niklas Gustavsson <nik...@protocol7.com>wrote: > On Wed, Mar 6, 2013 at 6:59 PM, Vincent Pazeller > <vincentpazel...@gmail.com> wrote: > > I am new to FtpServer and I am planning tu use it. Before, I would like > to > > know if anyone could confirm it will suit my needs... Basically, I would > > like to ensure secure storage on the server by transparently encrypting a > > file as soon it is uploaded and decrypting a file as soon it is > downloaded. > > Has anyone any experience with this? > > > > My feeling is that Ftplets would allow to do this. Here is what I would > > like to do: > > > > For uploads: create a onUploadEnd Ftplet and use a symmetric encryption > > algorithm (or PGP) to encrypt the uploaded file automatically > > To ensure this is feasible, I would need (I think): > > > > 1) Possibility to obtain the user plain password or a session key noone > can > > obtain and is constant per user (so I can use something like > SHA2(password > > + salt) as the key) > > 2) Possibility to easily access the uploaded file's data (to change the > > content). Ideally before it is even written to disk (So that the plain > file > > is never actually stored on the disk before being encrypted) > > > > For downloads: create a onDownloadStart Ftplet and use a symmetric > > encryption algorithm to decrypt the file automatically before the > download > > To ensure this is feasable, I would need (I think): > > > > 1) Possibility to obtain the user plain password/session key (so I can > use > > something like SHA2(password + salt) as the key) > > 2) Possibility to change the data before file is downloaded. The best > would > > be to be able to access the file, decrypt it and send the decrypted > data... > > > > Has anyone any idea on the feasibility of this? > > > > The crypto-system will be more complicated than this of course (this one > > only allows one user to access the data), but if this one is feasable, > > there is no limit to use something like PGP to allow multi-user access > > > > I would appreciate any advise from people knowing FtpServer deeper than > me > > and more precisely on what we can do with FtpLets or if there is a much > > simpler solution to my needs, of course :) > > I would recommend you to have a look at implementing this using a > custom file system instead of as an Ftplet. Doing so will be a more > natural way to intercept files as they are needed. In particular, look > at FtpFile.createOutputStream() and FtpFile.createInputStream(). > > /niklas >
