I want to encrypt a big static file on the server with Nginx when it's serving it. I want the encryption to be done with the public key sent in the request as a header, and I want this endpoint to be accessible only to specific users (if someone finds the URL, he should get access denied if he's not allowed to access the file). I want Nginx to serve these encrypted files with random access.

First question: Is it possible at all? (For the authorization part I'm all ears to know if there's any solution; my authentication and authorization are done in Django, session keys stored in PostgreSQL, but I have no idea if it's feasible to share it with Nginx.) Can a Lua plugin for Nginx read session data from PostgreSQL (or Redis) and do the authorization checks with good performance?

Second question: How?

One possible solution I thought about is using different certificate files (generated with passwords by Django) to serve files as HTTPS. But I have no idea if it's possible to use different certificate files dynamically generated based on the URI or not, and I have no idea if Nginx can serve files with asymmetric encryption over HTTPS, or if the HTTPS protocol supports it at all, even if the client is a custom client other than normal browsers that can parse data whatever way needed.

Another possible solution is writing a Lua plugin for Nginx, but that'd be an extremely expensive solution for me considering my resources. But I'd be thankful if someone could tell me if it's possible at all, even with a custom plugin, or not.

Sassan
  • No, the first question should be: why? You've got Django and all the power of Python to do whatever you want. – Alexey Ten Jun 01 '16 at 19:57
  • How secure do you want this to be? Just good from a casual view or actually secure? If the second, hire a cryptographic domain expert; getting security correct is not trivial. Which is it? – zaph Jun 01 '16 at 20:23
  • @AlexeyTen There are 2 reasons. First, I don't want to make the Django server busy. There'll be lots of requests for these encryptions and file sizes are around 800MB. Second, I want static file server features like random access, etc. I know I can implement these features perfectly in Django, but by asking the above question I just wanna know if it's rational to pay that cost to implement it in Django, or maybe an nginx/apache/etc. expert can give me an easier solution in a static file server. – Sassan Jun 01 '16 at 21:01
  • @zaph An asymmetric encryption with AES is enough for me. I have a little background in cryptography that's enough to build it in Django perfectly, but what I need to implement it in a static file server is a cryptographic domain expert who knows Nginx perfectly, or simply just someone who knows Nginx perfectly. There must be a trick to make Nginx encrypt files asymmetrically using its SSL feature; if not, then I guess I should do it in Django. – Sassan Jun 01 '16 at 21:08
  • Asymmetric AES? Are you sure? – Alexey Ten Jun 02 '16 at 10:06
  • @AlexeyTen Not AES really, RSA or some other asymmetric encryption. – Sassan Jun 02 '16 at 11:42

0 Answers