Let's suppose I have a rented VPS hosted somewhere in the world. Considering that I don't have physical access, I'm interested in some method that would allow me to encrypt data on the server without the VPS provider being able to decrypt it. They shouldn't be able to figure out my encryption key, or make the whole thing reasonably hard or time consuming to decrypt.
So a protocol like this:
VPS takes a part of the encryption key from me through a secured network tunnel, and takes another part from /dev/random, for example. VPS sends me a lot of gibberish that at some point includes the first part of the encryption key, the one that was taken from /dev/random, so that I can later decrypt the files if I need them.
So anyone who could manipulate the network so that he sees the plain-text traffic wouldn't know where the important stuff, the key, begins in the message. These messages would also contain the offset at which the server sends the next encryption key.
I assume that if I found a VPS provider that by contract or by government law stores monitored network traffic for a specific period (e.g. no longer than 3 months), then after that period the files I encrypted would be completely safe.
Is that true? How secure is this whole scenario? Should I use it in production?
(Before encryption, the files only exist for a very short period in the memory.)
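The exchange described in the question, written out as an added example (it is not code from the question or from any VPS provider). The question does not say how the two key parts are combined, so HKDF-SHA256 is my assumption; the last function shows which part of the scheme actually carries the secrecy, namely the part that never crosses the wire, not the surrounding noise.

```python
import hashlib, hmac, os, secrets

KEY_LEN = 32

def hkdf(salt: bytes, ikm: bytes, info: bytes, length: int) -> bytes:
    """HKDF-SHA256 (RFC 5869): extract a PRK from (salt, ikm), then expand to `length` bytes."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]

def derive_file_key(client_part: bytes, server_part: bytes) -> bytes:
    """Combine the two halves (assumption: HKDF; the question gives no combiner). Neither half alone yields the key."""
    return hkdf(client_part, server_part, b"vps-file-key", KEY_LEN)

def embed_in_noise(server_part: bytes, noise_len: int, offset: int) -> bytes:
    """The 'gibberish' message: random filler with server_part placed at `offset`."""
    blob = bytearray(os.urandom(noise_len))
    blob[offset:offset + len(server_part)] = server_part
    return bytes(blob)

def extract_from_noise(blob: bytes, offset: int) -> bytes:
    """Whoever learns `offset` (the question says the messages carry it) reads server_part straight out."""
    return blob[offset:offset + KEY_LEN]

def server_setup(client_part: bytes, noise_len: int = 4096):
    """Server side: draw its half from the OS RNG, derive the file key, ship the half inside noise."""
    server_part = os.urandom(KEY_LEN)
    offset = secrets.randbelow(noise_len - KEY_LEN + 1)
    file_key = derive_file_key(client_part, server_part)
    return file_key, server_part, embed_in_noise(server_part, noise_len, offset), offset

def client_recover(client_part: bytes, blob: bytes, offset: int) -> bytes:
    """Client side, later: re-derive the file key from the kept half and the stored blob."""
    return derive_file_key(client_part, extract_from_noise(blob, offset))

def security_boundary(client_part: bytes) -> dict:
    """Where the secrecy actually lives: in client_part, not in the noise or the offset."""
    file_key, server_part, blob, offset = server_setup(client_part)
    seen = extract_from_noise(blob, offset)  # an observer of the plain-text stream gets this for free
    return {
        "client_recovers_key": client_recover(client_part, blob, offset) == file_key,
        "observer_gets_server_part": seen == server_part,
        "observer_without_client_part_gets_key": derive_file_key(os.urandom(KEY_LEN), seen) == file_key,
    }
```

Running security_boundary() on any client part gives True, True, False: the noise and offset add nothing once the stream is readable, and the scheme reduces to keeping the client half secret, which the server must still hold in memory while it derives the key.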