ivanscorral / secure-file-sharing-backend

The Secure File Sharing Platform's back-end manages file uploads, encryption, downloads, and auto-deletion. Built with Node.js and Express, it ensures secure, scalable, and efficient handling of temporary anonymous file sharing, adaptable for various front-end integrations.
MIT License

Implement File Encryption #2

Open ivanscorral opened 1 year ago

ivanscorral commented 1 year ago

Issue: Implement Secure File Encryption Using AES within CryptoService

Overview

To enhance the security of uploaded files, integrate AES encryption within a new CryptoService class. The encryption process should be triggered immediately after the file is temporarily stored on the server by FileService.

Objectives

  1. Ensure Data Confidentiality: Encrypt files to protect the contents from unauthorized access.
  2. Performance: The encryption process should be efficient, capable of handling files up to 1GB.
  3. Flexibility: The encryption method should be configurable to allow for future changes in the encryption algorithm.

Tasks

Future Enhancements

  1. Implement multi-threading for further speed improvements.
  2. Explore hardware-accelerated encryption options.
  3. Add options to stream large files to reduce memory consumption.

ivanscorral commented 1 year ago

Buffer encryption and decryption have been implemented in src/services/fileService.js.

Right now they use AES-256-CBC as default:

  /**
   * Encrypts a data buffer using AES-256 in CBC mode.
   * @param {Buffer} data - The data buffer to encrypt.
   * @returns {Promise<Object>} The iv, key, and encrypted buffers as a JSON object.
   */
  async encrypt (data) {
    const iv = crypto.randomBytes(16)
    const key = crypto.randomBytes(32)
    const cipher = crypto.createCipheriv('aes-256-cbc', key, iv)
    const encrypted = Buffer.concat([cipher.update(data), cipher.final()])
    return { iv, key, data: encrypted }
  }

A CryptoService should be implemented to allow for more customization and control.
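
One way a configurable CryptoService could look, as an added example that is not part of the issue or the project's code. The `ALGORITHMS` table, the `decrypt` method, the `tag` field and the two helper functions are assumptions; the example also shows that AES-256-CBC alone does not detect a modified ciphertext, while AES-256-GCM does.

```javascript
const crypto = require('node:crypto')

// Hypothetical parameter table (an assumption, not from the project).
const ALGORITHMS = {
  'aes-256-cbc': { keyLen: 32, ivLen: 16, aead: false },
  'aes-256-gcm': { keyLen: 32, ivLen: 12, aead: true }
}

class CryptoService {
  constructor (algorithm = 'aes-256-gcm') {
    this.spec = ALGORITHMS[algorithm]
    if (!this.spec) throw new Error(`Unsupported algorithm: ${algorithm}`)
    this.algorithm = algorithm
  }

  // Same return shape as the snippet above, plus the algorithm name and GCM tag.
  encrypt (data) {
    const key = crypto.randomBytes(this.spec.keyLen)
    const iv = crypto.randomBytes(this.spec.ivLen)
    const cipher = crypto.createCipheriv(this.algorithm, key, iv)
    const encrypted = Buffer.concat([cipher.update(data), cipher.final()])
    const tag = this.spec.aead ? cipher.getAuthTag() : null
    return { algorithm: this.algorithm, iv, key, tag, data: encrypted }
  }

  decrypt ({ iv, key, tag, data }) {
    const decipher = crypto.createDecipheriv(this.algorithm, key, iv)
    if (this.spec.aead) decipher.setAuthTag(tag) // final() throws on mismatch
    return Buffer.concat([decipher.update(data), decipher.final()])
  }
}

// Constructed input: 64 bytes of 'A'. Returns true if decrypt() round-trips.
function roundTrips (algorithm) {
  const svc = new CryptoService(algorithm)
  const plain = Buffer.alloc(64, 0x41)
  return svc.decrypt(svc.encrypt(plain)).equals(plain)
}

// Returns true if decrypt() rejects a ciphertext with one modified bit.
function modificationDetected (algorithm) {
  const svc = new CryptoService(algorithm)
  const sealed = svc.encrypt(Buffer.alloc(64, 0x41))
  sealed.data[0] ^= 0x01
  try { svc.decrypt(sealed); return false } catch { return true }
}

console.log('cbc detects modification:', modificationDetected('aes-256-cbc'))
console.log('gcm detects modification:', modificationDetected('aes-256-gcm'))
```

If CBC stays the default, integrity has to come from a separate check such as an HMAC over the IV and ciphertext; with GCM it is carried in the tag.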