Secure File Transport | February 2019 - March 2019

A project I'd been working at an old workplace to provide a secure file transport system, the idea was similar to the likes of "WeTransfer" and "YouTransfer" except all users log in similar to "Dropbox", from this point on they only have access to the files that were uploaded for them.

All files uploaded can be checked for a download per user (the system allows for a file to be access by multiple users if selected upon uploading) - from the uploading perspective there are two options for the files themselves: they can reside in storage for 90 days before being automatically removed, or the user can specify a removal date and from that point on the file is gone.

The files are uploaded and encrypted using OpenSSL to provide AES-256 encryption. The encrypted values are signed using message authentication code (MAC) so that their underlying value can not be modified once encrypted. When the user requests a file to be downloaded it is then decrypted and the user is given the download prompt.

Due to the nature of the workplace this was required due to dealing with sensitive information that is seen by the company before the public sector and therefor required to satisfy the ISO27001 audit.

Technologies used within this project were: front end of VueJS, HTML and CSS (SCSS), back end technology was PHP using Laravel.