1

I have a practical situation here: my company is an FTP server provider for some clients. The clients are sharing their files on our FTP server and have had no problem with access management and privacy policies so far.

Recently, our clients want to encrypt their files for one reason: "They don't want the FTP server admin to have access to their files".

Also, our company wants to enhance our FTP authentication method with digital signatures. I know we can implement PGP encryption for sending files to the FTP server, but the problem is that when encrypted files are received, they will be decrypted by the server with its private key, and then the admin has full access to those files.

With the deployment of a Public Key Infrastructure, each client needs to have a smart card in order to log on to the FTP server with a digital signature. But it is not possible for our clients to encrypt their files based on the receiver's public key, because there might be a situation where there are several file recipients and one should encrypt a single file using dozens of public keys, which takes forever!

So, my question is: "Is there a solution to encrypt files on an FTP server which can be deployed in this situation?" Any help would be greatly appreciated.

A23149577
  • 4
    Not the answer to your question, but you should not be using FTP at all because the FTP password is transmitted in the clear. As theterribletrivium says in an answer, use an encrypted transfer protocol. That would be something like SCP, FTPS, or SFTP. – Bob Brown Dec 02 '14 at 10:06
  • @BobBrown Yeah, as I mentioned, we are developing PK-enabled functionality for our log-on service. So, there is no password transmission; we have digital signatures for authentication. – A23149577 Dec 02 '14 at 10:55
  • BobBrown and Steffen Ullrich are both dead-on. Steffen answers your actual question, but Bob makes a good point. That is, the clients need to be responsible themselves for encryption. Archivers like 7-zip make it trivial to create encrypted archives, compressed or not. This could also be scripted via Python or possibly PHP as part of the client's upload routine. As to BobBrown's point - if your clients consider it sensitive, they should certainly not be using FTP. An encrypted alternative is a definite need in this situation. – Bendustries Dec 02 '14 at 10:23
  • 1
    Your clients indeed should encrypt it themselves, and using e.g. SSH instead of FTP also ain't a bad idea. However, you might want to take a look at the concept of zero-knowledge services: https://en.wikipedia.org/wiki/Zero_knowledge – O'Niel Feb 11 '16 at 16:04
  • If I understand A23149577's question correctly, the question is meant to be: Is there FTP (whether FTPS or SFTP) server software that can encrypt the incoming data stream to disk and decrypt the outgoing data stream from disk to user so that local users of the system running the FTP server software do not have access to the customer's data on disk? This is a legitimate question that is not answered by throwing responsibility for data encryption onto the customer or redesigning A23149577's workflow. The benefits of a positive answer to this is the facilitation of automating the handling – Larsman Oct 05 '16 at 17:01

2 Answers

7

Recently, our clients want to encrypt their files for one reason: "They don't want the FTP server admin to have access to their files".

With this requirement the encryption should not be done at the server side. Otherwise an administrator could just grab the content before it gets encrypted. And of course the management of the passwords/keys should also be accessible to the client only.

This leaves only encryption at the client side. There are several solutions for it, like password-protected archives etc. Or, one could use PGP and help clients by setting up a private PGP key server to make exchange of public keys easier. The keys themselves should of course be generated by the client itself and the private key should be kept at the client side.

Steffen Ullrich
  • Thanks for your answer. I am aware that the encryption should be done at the client side and password-protected compression is the most simple situation here. I intended to come up with more automatic solutions which do not use symmetric encryption and exchanging keys via e-mail, for example. – A23149577 Dec 02 '14 at 10:59
  • Clients can also use proven asymmetric encryption like PGP. In this case they only need to get the public key from the peer to share a file. To ease sharing of public keys you might set up a key server, but key generation and publishing to the server has to be done by the client again to keep the private key secure. – Steffen Ullrich Dec 02 '14 at 11:57
  • I believe this solution is best, because in this model we are not worried about symmetric key exchange any more between clients. Thank you for your answer – A23149577 Dec 02 '14 at 14:10
  • I've added the idea to the answer. – Steffen Ullrich Dec 02 '14 at 14:26
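
The PGP approach in the answer above is a hybrid scheme: the file is encrypted once under a random session key, and only that short key is encrypted to each recipient's public key. The sketch below is an added example, not code from the thread, using Python's `cryptography` package with RSA-OAEP and AES-256-GCM standing in for OpenPGP's own packet format; the recipient names and payload are constructed.

```python
import os
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

# RSA-OAEP parameters used to wrap the session key for each recipient.
OAEP = padding.OAEP(mgf=padding.MGF1(hashes.SHA256()),
                    algorithm=hashes.SHA256(), label=None)


def encrypt_for_recipients(plaintext: bytes, recipients: dict) -> dict:
    """Encrypt once with a random AES-256-GCM key; wrap that key per recipient.

    `recipients` maps a recipient name to an RSA public key object.
    Everything in the returned envelope can be stored on the server:
    it contains no key material the server can use.
    """
    session_key = AESGCM.generate_key(bit_length=256)
    nonce = os.urandom(12)
    ciphertext = AESGCM(session_key).encrypt(nonce, plaintext, None)
    wrapped = {name: pub.encrypt(session_key, OAEP)
               for name, pub in recipients.items()}
    return {"nonce": nonce, "ciphertext": ciphertext, "wrapped_keys": wrapped}


def decrypt_as(envelope: dict, name: str, private_key) -> bytes:
    """Unwrap this recipient's copy of the session key, then decrypt the file."""
    session_key = private_key.decrypt(envelope["wrapped_keys"][name], OAEP)
    return AESGCM(session_key).decrypt(
        envelope["nonce"], envelope["ciphertext"], None)


def demo():
    # Constructed sample: three clients, each with a locally generated key pair.
    keys = {n: rsa.generate_private_key(public_exponent=65537, key_size=2048)
            for n in ("alice", "bob", "carol")}
    publics = {n: k.public_key() for n, k in keys.items()}
    document = b"quarterly-report " * 4096  # constructed 68 KiB payload
    return keys, document, encrypt_for_recipients(document, publics)


if __name__ == "__main__":
    keys, document, envelope = demo()
    print("ciphertext bytes:", len(envelope["ciphertext"]))
    print("bytes added per recipient:",
          {n: len(w) for n, w in envelope["wrapped_keys"].items()})
    assert decrypt_as(envelope, "bob", keys["bob"]) == document
```

Each additional recipient adds one 256-byte wrapped key and one RSA operation; the bulk ciphertext is produced once regardless of how many recipients there are.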
5

My suggestion is to have your clients manage their own encryption passwords or certificates. Certain FTP clients will allow the use of encryption, as an example: http://www.coreftp.com/docs/web1/FTP_Encryption.htm. I want to make sure though that you're actually using some type of encryption for the transit of their data. You don't mention it, and since vanilla FTP doesn't use encryption by default I want to be sure that part is covered too.

theterribletrivium
  • 1
    Actually, our current FTP server uses an SSH connection and it's almost secure, but as I mentioned we are moving to authentication via digital signature and public key infrastructure, which helps us make our log-on system more secure. Maybe we have to implement some kind of custom SFTP for our situation though. – A23149577 Dec 02 '14 at 11:02