File transfers with post-transfer encryption


Can I, and if so how do I, set up a system so that after a remote user
transfers a file to my local server the file is immediately encrypted
with GnuPG? That is, as soon as the file contents are received, they are
passed to a program that encrypts and then writes them to disk. I am using
OpenSSH 3.8 and prefer a system that allows the remote users to use scp or
sftp and that is transparent to them.

A constraint is that the file contents must never be written to disk in
plaintext as this server resides in a DMZ and the contents of the files
are private health information. The goal of this is to limit the exposure
of our production servers by situating them behind a firewall while at
the same time allowing our trading partners to deliver files to us in a
more secure manner. Our production server would retrieve and remove the
files from the DMZ server. There would be no holes in the firewall from
the outside world.

Pointers to FAQs, books, and other resources are appreciated.

Scott McGerik

Re: File transfers with post-transfer encryption


Why can't you ask the remote user to encrypt the files using your
public key before transfer?

Re: File transfers with post-transfer encryption

UnixFan wrote:

That is my preferred approach, that is, have the remote users encrypt
the file before sending it with scp. And, I may have to push for that.
However, I have also been given the constraint that this file transfer
process be as "simple" as possible.

