Secure File Transport | February 2019 - March 2019

Most recent project I've been working on is a project in my current workplace to provide a secure file transport system, the idea is along the lines similar to the likes of "WeTransfer" and "YouTransfer" except all users log in similar to "Dropbox", from this point on they only have access to the files that were uploaded for them.

All files uploaded can be checked for a download per user (the system allows for a file to be access by multiple users if selected upon uploading) - from the uploading perspective there are two options for the files themselves: they can reside in storage for 90 days before being automatically removed, or the user can specify a removal date and from that point on the file is gone.

The files are uploaded and encrypted using OpenSSL to provide AES-256 encryption. The encrypted values are signed using message authentication code (MAC) so that their underlying value can not be modified once encrypted. When the user requests a file to be downloaded it is then decrypted and the user is given the download prompt.

Due to the nature of my workplace this is required due to dealing with sensitive information that is seen by the company before the public sector and therefor required to satisfy the ISO27001 audit.

 

Technologies being used within this project are a front end of VueJS, HTML and CSS (SCSS), back end technology is PHP using Laravel.