Implement File Encryption

[ivanscorral]

Issue: Implement Secure File Encryption Using AES within CryptoService

Overview

To enhance the security of uploaded files, integrate AES encryption within a new CryptoService class. The encryption process should be triggered immediately after the file is temporarily stored on the server by FileService.

Objectives

1. Ensure Data Confidentiality: Encrypt files to protect the contents from unauthorized access.
2. Performance: The encryption process should be efficient, capable of handling files up to 1GB.
3. Flexibility: The encryption method should be configurable to allow for future changes in the encryption algorithm.

Tasks

• [x] Key Management: Generate a unique encryption key for each file. Ensure these keys are stored securely.
• [x] Implement AES Encryption: Apply AES-256-CBC or another robust AES variant.
• [ ] Create CryptoService Class: This new class should handle all encryption-related activities, separate from FileService.
  • [ ] Implement encrypt method.
  • [ ] Implement decrypt method.
• [ ] Configurable Algorithm in CryptoService: Make the encryption algorithm configurable through options or environment variables.
• [ ] Dynamic IV and Key: Receive the Initialization Vector (IV) and encryption key from the CryptoService, allowing for better key management.
• [ ] Performance Analysis: Conduct performance tests to analyze how various algorithms perform with file sizes ranging up to 1GB.

Future Enhancements

1. Implement multi-threading for further speed improvements.
2. Explore hardware-accelerated encryption options.
3. Add options to stream large files to reduce memory consumption.

[ivanscorral]

Buffer encryption and decryption have been implemented in src/services/fileService.js.

Right now they use AES-256-CBC as default:

 /**
   * Encrypts a data buffer using AES-256 in CBC mode.
   * @param {Buffer} data - The data buffer to encrypt.
   * @returns {Promise<Object>} The iv, key, and encrypted buffers as a JSON object.
   */
  async encrypt (data) {
    const iv = crypto.randomBytes(16)
    const key = crypto.randomBytes(32)
    const cipher = crypto.createCipheriv('aes-256-cbc', key, iv)
    const encrypted = Buffer.concat([cipher.update(data), cipher.final()])
    return { iv, key, data: encrypted }
  }

A CryptoService should be implemented to allow for more customization and control.