存储>> opendelta>> 返回
项目作者: aeri

项目描述 :
Secure web file retriever based in PHP
高级语言: PHP
项目地址: git://github.com/aeri/opendelta.git
创建时间: 2020-03-07T01:29:39Z
项目社区:https://github.com/aeri/opendelta
开源协议:GNU Lesser General Public License v3.0
下载




opendelta

A public file retriever via HTTP to provide links to files in secure environments. This system allows you to recover a file hosted on a web server in a safe way by hiding the real path, real file name and restricting access to authorized users who haven’t the encryption key.

As an encryption mechanism it is proposed to use AES-256-CBC through the cryptographic extension of PHP OpenSSL (PHP 5 >= 5.3.0, PHP 7).

  • Protect your public files with encrypted secure links.
  • Hide real files location.
  • File access accounting.

Engine

All files that you want to be accessible via the secure links can be located anywhere on your computer, PHP will take care of reading them and providing them if you have access to them.

  1. From the name of a file to be accessed, it is encrypted using a symmetrical key algorithm. This encrypted string is part of the secure link to access the remote server file.

  2. The encrypted string is converted in index.html with Javascript to Base64 in client side so that the transmission does not present coding problems. This is done in an intermediate phase.

In this phase, this coded string is automatically sent to the delta.php script using GET with x parameter.

  1. Using PHP in server side, the name of the file is decoded with a symmetrical AES key. If the key is correct, the server will obtain the file and return it to the user. Otherwise, the user is redirected to a page specified by the user.

The server record the access with timestamp and IP address.

Setup

In order to configure the retriever, a number of parameters must be set:

  • The path where the files to be retrieved are located must have the proper permissions for the PHP server to access them:
    1. $rute = '<ABSOULTE_PATH>';
  • The site to which the user will be redirected if the file cannot be found or decoded:
    1. $domain = "<DOMAIN>";
  • Set the values of your password and initialization vector. Both must be the same as those used to generate the secure link as explained below. Note that the key must be provided in hexadecimal and 32 digits.
    1. $password     = hex2bin('<PASSWORD>');
    2. $iv         = hex2bin('<IV>');

To obtain in secure link it is necessary to generate by means of symmetric encryption the encrypted name of the file to which you want to retrieve.

  • Using openssl for GNU/Linux
  1. echo -n "<FILENAME_TO_ENCRYPT>" | openssl AES-256-CBC -K "<KEY>" -iv "<IV>" -a -salt
  • Using PHP
  1. $output = openssl_encrypt("<FILENAME_TO_ENCRYPT>", 'AES-256-CBC', $password, 0, $iv);

Note that the key must be provided in hexadecimal and 32 digits.

Now, with the encrypted string is possible create the secure link. The generated secure link must have the following structure: http://example.com/opendelta/?=<encrypted_string>

License

This project is licensed under GNU Lesser General Public License v3.0