Scenario:
Multiple clients to upload files to server over HTTP/S. Files are to be encrypted with company public key, for later decryption with company private key on a different environment. On upload, files are dropped (encrypted with company public key) on server.
Going the other way, company has to send documents back to clients. Each document is encrypted using public key of client and posted to the company server for retrieval. Client logs in to server over HTTP/S and grabs encrypted file. Once document is on client machine, they are to decrypt it using their private key.
Questions: - What is the best way to store the client public keys such that the application can easily grab these at encryption time? If a key server, where should the key server reside? - Once client has grabbed the encrypted file and downloaded it to their environment, is there an opensource option to decrypt the file?
This is ideally done in a Microsoft environment using ASP.NET. Any additional components, including keyserver are ideally opensource or failing that, affordable to a non-profit.
