Score:-1

Crypto

What's the best encryption algorithm for storing files on a server?

Gaurav Mall

8/21/24, 6:02 PM

I'm making a cloud-based service. So, basically, my users will be able to upload files (any type of files) and they will be uploaded to a server. I am aware that I have two options:

Upload the files first and let the back-end handle the encryption
Encrypt the files first and upload then to the back-end

I want to use the second one. I think the first one is the more standard and better method. But in my instance, I think the second one would be better. That means the encryption would be done right on the user's device, therefore I need the algorithm to be fast and efficient. So, what encryption algorithm should I use to encrypt any kind of file, in a reasonable amount of time? I have no issue with the encrypted file being bigger than the original, just need it to be fast.

I know the question is vague since it might have more to do with programming, but any pointing in the right direction will be helpful.

Νote: I should add that a third-party service provides me with the user authentication and a back-end server that allows me to store files. So, the server itself and the communication between the user's phone and the server is secure, because those are implemented by the third-party service, who I trust. The only thing I need is to able to encrypt the files that are uploaded.

1 + 3

file-encryption

reference-request

AmigoJack

8/22/24, 5:31 AM

"_Server_" is just a computer, too, and "_user's device_" may be off the reality by far (f.e. virtualization, emulation, remote desktop handling...). Is the encryption even needed when the transport is done via [TLS, which may already use the AES cipher](https://en.wikipedia.org/wiki/Transport_Layer_Security#Cipher)?

samuel-lucas6

8/22/24, 8:07 AM

I'm not trying to be rude, but if you don't know the answer to this question, you probably shouldn't be making a cloud storage service. Knowing your limits is one of the most important things in cryptography. It sounds like you need to do a lot more research (e.g. reading cryptography books, taking courses, implementing some algorithms) before you go down this route. You and your users will be better off for it.

Gaurav Mall

8/22/24, 10:19 AM

@samuel-lucas6 No, thanks, I'll take it as constructive criticism. I have many years to work with cryptography and I don't remember a lot of stuff (which is to be expected as I didn't have a sizable experience to begin with), so any pointing in the right direction is helpful.

Score:2

Crypto

Maarten Bodewes

8/21/24, 10:44 PM

Generally you can use AES in any secure mode of operation for that. AES is usually accelerated on the CPU, which means it is probably easily fast enough, while taking up little compute time. If you are dependent on a software implementation then ChaCha20 would be a better choice. For just keeping the data confidential CBC mode is fine and widely supported. AES-CTR has the advantage that direct access and parallelization are better supported.

It's probably best to use a random IV for any cipher / mode of operation, but beware that for AES-CTR this is usually the initial counter block, and you should understand how to configure it correctly. For any mode you should study the limitations e.g. when it comes to the amount and size of the messages to be encrypted.

Choosing the data encryption algorithm is the easy part. It is a lot harder to come up with a secure system. For instance, how can a client trust that the data is protected if the entire service is provided by the server? How is key management and key roll over performed? How is the user authenticated? Do you require that tampering the message is detected?

+ 5

Gaurav Mall

8/22/24, 5:36 AM

The server is secure, because I'm using a third party service, so they take care of the authentication and everything related. The only thing I need to do is the file encryption.

samuel-lucas6

8/22/24, 8:00 AM

@GauravMall File encryption still requires authenticated encryption to detect modifications and incorrect parameters for decryption. The current big two are AES-GCM and ChaCha20-Poly1305.

Maarten Bodewes

8/22/24, 9:07 AM

@GauravMall I don't know the details of that, but if you fully trust the third party for everything then you would not really **need** application level encryption. Encryption should be used to solve a particular problem set and the scheme you're using should represent a solution for the determined risks.

Gaurav Mall

8/22/24, 10:20 AM

@MaartenBodewes Okay, thanks for the answer though. I need a bit more reading to do before I start creating a cloud based service. I have the programming skills, just not the appropriate security knowledge. Upvote for the answer though +1.

Maarten Bodewes

8/22/24, 1:18 PM

You're welcome. And yes, that's the right order. It is very easy to make a working encryption system (although this assumes knowledge about binary / text representation and encoding, etc. - [so] makes it seem hard). However, making a system work is not the goal, you seem to need at least message confidentiality. So probably you need to protect against a hacker that steals the data but doesn't control the service. Define assets & adversaries, define & quantify risks, define a solution and **then** implement it.

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: What's the best encryption algorithm for storing files on a server?

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.