2

Let's suppose I have a rented VPS hosted somewhere in the world. Considering that I don't have physical access, I'm interested in some method that would allow me to encrypt data on the server without the VPS provider being able to decrypt it. They shouldn't be able to figure out my encryption key, or make the whole thing reasonably hard or time-consuming to decrypt.

So a protocol like this

VPS takes a part of the encryption key from me through a secured network tunnel. And takes another part from /dev/random for example. VPS sends me a lot of gibberish, that at some point includes the first part of the encryption key, that was taken from /dev/random. So that I can later decrypt the files if I need them.

So anyone that could manipulate the network so that he sees the plain text traffic, wouldn't know about where the important stuff, the key begins in the message. These messages would also contain the offset on which the server sends the next encryption key.

I assume that if I found a VPS provider that by contract or by government law stores monitored network traffic for a specific period (e.g. no longer than 3 months), after that period, the files I encrypted would be completely safe.

Is that true? How secure is this whole scenario? Should I use it in production?

(Before encryption, the files only exist for a very short period in the memory.)

Rápli András
  • *"...that at some point includes the first part of the encryption key, ..."* - so you are actually replacing the key with information where the key is and moved the problem from securely sharing the key to securely sharing the keys location. How is this better? And why invent your own protocol instead of using established protocols like TLS or PGP to protect the key for transport or key exchange schemes like Diffie-Hellman? – Steffen Ullrich Jan 07 '17 at 21:37
  • I would be using TLS with this concept. – Rápli András Jan 07 '17 at 21:38
  • With a proper use of TLS nobody could sniff the key if you just send the key only with TLS. There is no need to add your key distribution scheme on top of TLS since it does not really add any security. – Steffen Ullrich Jan 07 '17 at 21:41
  • use some sort of E2E scheme and you'll be fine no matter what the service does... – dandavis Jan 08 '17 at 08:13
  • It would be much easier to de/encrypt the file locally after/before it goes to the server. – Julian Knight Jan 08 '17 at 20:33
  • That makes no sense, the purpose of the server is that it constantly analyzes data and makes reports about it. These are to be encrypted. – Rápli András Jan 08 '17 at 21:10

1 Answer

3

This approach could have implementation issues, and there are already solutions to what you want.

It's simple; make an asymmetric keypair (say PGP) on another server:

gpg2 --full-gen-key

Export the public (decryption) key:

gpg2 --output public.gpg --export me@mymail.com

Import the public key on the VPS:

gpg2 --import public.gpg

Use it to encrypt data on the VPS:

gpg2 --recipient me@mymail.com --encrypt my-file.txt

The result will be a file that is only decryptable on your local machine containing the other private part of the keypair. Be careful not to leave the file on the disk unencrypted; the VPS provider will make backups of the HDD.

J.A.K.
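The answer's four steps run end to end, as an added example that is not part of the original answer: two temporary keyrings stand in for the trusted machine and the VPS, and the function checks that the keyring holding only the public key can encrypt but cannot decrypt. The `gpg_split_demo` name, the temporary paths, the empty passphrase and the sample text are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the answer). Needs a recent GnuPG 2.x.
# The page calls the binary gpg2; newer installs ship it as gpg.
GPG=$(command -v gpg2 || command -v gpg || echo gpg)
KEY_ID="me@mymail.com"   # address used in the answer's commands

gpg_split_demo() {
    work=$(mktemp -d) || return 1
    home="$work/home"; vps="$work/vps"   # hypothetical stand-ins for the two machines
    mkdir -m 700 "$home" "$vps" || return 1

    # Trusted machine: generate the keypair (empty passphrase only for this demo)
    # and export the public half.
    "$GPG" --homedir "$home" --batch --quiet --pinentry-mode loopback --passphrase '' \
        --quick-generate-key "$KEY_ID" default default never 2>/dev/null || return 1
    "$GPG" --homedir "$home" --batch --output "$work/public.gpg" --export "$KEY_ID"

    # VPS: import the public key only.
    "$GPG" --homedir "$vps" --batch --quiet --import "$work/public.gpg" 2>/dev/null

    # VPS: encrypt from stdin so the plaintext never lands on the provider's disk.
    # --trust-model always: the imported key carries no ownertrust, and without
    # this option a non-interactive gpg refuses to encrypt to it.
    printf 'constructed sample report\n' |
        "$GPG" --homedir "$vps" --batch --quiet --trust-model always \
            --recipient "$KEY_ID" --output "$work/report.gpg" --encrypt 2>/dev/null

    result=0
    # The VPS keyring holds no secret key, so decryption there must fail.
    if "$GPG" --homedir "$vps" --batch --quiet --decrypt "$work/report.gpg" \
            >/dev/null 2>&1; then
        result=1
    fi
    # The trusted machine holds the private key and recovers the plaintext.
    plain=$("$GPG" --homedir "$home" --batch --quiet --pinentry-mode loopback \
        --passphrase '' --decrypt "$work/report.gpg" 2>/dev/null)
    [ "$plain" = "constructed sample report" ] || result=1

    # Stop the per-keyring agents and remove the throwaway keyrings.
    gpgconf --homedir "$home" --kill gpg-agent 2>/dev/null
    gpgconf --homedir "$vps" --kill gpg-agent 2>/dev/null
    rm -rf "$work"
    return $result
}
```

On a real VPS the alternative to `--trust-model always` is to set ownertrust on the imported key once, after checking its fingerprint against the one shown on the machine that generated it.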