Ensuring Data Security During Decryption and Re-encryption Process

Scenario:

Consider a scenario where Server 1 stores a 600-800 KB ebook encrypted with a certain private key. Server 2, a computation-purpose server, holds this private decryption key and get access to the encrypted file. Its task involves decrypting the file and re-encrypting it with a public key using a specific algorithm.

Problem:

The problem lies in ensuring that Server 2 doesn't create a local copy of the decrypted file during the computation process. The objective is to guarantee that the decrypted content is never exposed, only a new encrypted file should be generated as an output.

Questions:

• How can one ascertain that Server 2 refrains from storing the decrypted file during the computation process?
• What type of decryption-encryption algorithm is suitable for achieving this goal? The intention is to produce a new encrypted file without generating the decrypted content as an output.
• Is the preferable solution software-engineered, such as using a Homomorphic encryption computation? Alternatively, would a hardware-oriented approach like Trusted Execution Environments (TTE) or Secure Enclaves be more effective in this context?

Your insights and expertise would help me a lot to select an approach that effectively maintains data security and privacy throughout the decryption and re-encryption process.

In this scenario it seems like you must trust one party, and based on the fact that server 1/client holds the encrypted ebook, you don't trust them, thus you must trust server 2.

A potential (and simple) solution to your specific problem would be to trust server 2 and implement controls to prevent this by the trust party operating the server(s). This decryption process could only be done in memory, for example, and then the file system is never touched which solves the core issue. This would be especially helpful if you file is only a few KB anyways. Of course at scale, this could present challenges but I'm not sure this is the best question/problem to be introducing at scale.

I don't think we know enough about the specifics of the goal you are trying to achieve through this post, so nuances are likely to come up from answers. In terms of algorithms that you asked about, this would depend on your application again. If this is a production system, perhaps there are guidelines on the type of information you are storing from a regulatory body if you must be compliant in a certain framework.