Personal computing discussed

Moderators: renee, morphine, Steel

 
alphadogg
Gerbil In Training
Topic Author
Posts: 8
Joined: Sat Nov 06, 2004 10:06 pm
Location: Romaing the southeastern US

Transfer Large Files From Remote Site Securely

Fri May 12, 2017 9:33 am

What is a user-friendly way to get 50+GB files from a remote system, shipped encrypted, to me? I presume I could either buy a portable drive with built-in encryption, but do any allow the use of a public key? Most seem password-based, and sending a password separately seems insecure. Or, I could send a regular drive, but the user on the other side would have to use some software to do this properly. What should one recommend? Looking for ideas.
 
morphine
TR Staff
Posts: 11600
Joined: Fri Dec 27, 2002 8:51 pm
Location: Portugal (that's next to Spain)

Re: Transfer Large Files From Remote Site Securely

Fri May 12, 2017 9:42 am

If you're looking for a really simple solution, Windows' BitLocker works on USB sticks.
There is a fixed amount of intelligence on the planet, and the population keeps growing :(
 
Flying Fox
Gerbil God
Posts: 25690
Joined: Mon May 24, 2004 2:19 am
Contact:

Re: Transfer Large Files From Remote Site Securely

Fri May 12, 2017 9:48 am

Mega? Assuming both sides can do 50GB+ transfers reasonably fast and without caps.
The Model M is not for the faint of heart. You either like them or hate them.

Gerbils unite! Fold for UnitedGerbilNation, team 2630.
 
cheesyking
Minister of Gerbil Affairs
Posts: 2756
Joined: Sun Jan 25, 2004 7:52 am
Location: That London (or so I'm told)
Contact:

Re: Transfer Large Files From Remote Site Securely

Fri May 12, 2017 9:49 am

An alternative to full disk encryption and depending on your definition of "user friendly" you could use GPG which has a windows GUI frontend here: https://www.gpg4win.org/

Can you use bitlocker when you only share a public key?
Fernando!
Your mother ate my dog!
 
Aether
Gerbil First Class
Posts: 154
Joined: Sat Dec 20, 2014 8:50 pm

Re: Transfer Large Files From Remote Site Securely

Fri May 12, 2017 10:32 am

As far as I'm aware, encryption programs like Bitlocker and VeraCrypt only do private-key encryption. The only encryption program of which I'm aware that can do public-key encryption is PGP and derivatives like GPG. However, I have never used any of these, so I have no idea how difficult or not this is. It looks like they are designed for transmitting data via email, so it's not clear to me how they would be used for "at rest" data on a drive. Hopefully, someone knowledgeable about PGP or GPG can comment.

Also, FWIW I just read that because public-key encryption is computationally expensive, it is only used to encrypt the "session key" that is then used as the key for private-key encryption of the data being sent. Interesting stuff.
 
Yan
Gerbil XP
Posts: 349
Joined: Fri Dec 21, 2012 9:37 pm
Location: Ottawa

Re: Transfer Large Files From Remote Site Securely

Fri May 12, 2017 10:34 am

cheesyking wrote:
An alternative to full disk encryption and depending on your definition of "user friendly" you could use GPG which has a windows GUI frontend here: https://www.gpg4win.org/


I was wondering whether it's realistic to use GPG on files this big (for example, whether it would be too slow), and found this warning that for files larger than 32 GB, one should use Twofish, AES, or Camellia rather than the default RSA-2048.
 
TwistedKestrel
Gerbil Elite
Posts: 686
Joined: Mon Jan 06, 2003 4:29 pm

Re: Transfer Large Files From Remote Site Securely

Fri May 12, 2017 10:40 am

You have to assess what the threats to/value of this data is, and keep in mind that whatever party at the remote end that has this data already implicitly has your trust. Are you worried about a targeted attack, or are you worried about it ending up in the wild as the result of a opportunistic attack?

If I wanted my dad to send some quasi-sensitive stuff (that clearly isn't so sensitive that he doesn't have access to it) in your scenario, probably would just use Bitlocker and a horse-battery-staple password over the phone. If it was very sensitive/dangerous stuff, don't really see a way around travelling there if a prior key or credentials were not already established. Just handling a public key can be difficult for users, let alone using it to encrypt files.

What are the chances of you being able to encrypt it yourself remotely?
 
TwistedKestrel
Gerbil Elite
Posts: 686
Joined: Mon Jan 06, 2003 4:29 pm

Re: Transfer Large Files From Remote Site Securely

Fri May 12, 2017 10:42 am

Yan wrote:
cheesyking wrote:
An alternative to full disk encryption and depending on your definition of "user friendly" you could use GPG which has a windows GUI frontend here: https://www.gpg4win.org/


I was wondering whether it's realistic to use GPG on files this big (for example, whether it would be too slow), and found this warning that for files larger than 32 GB, one should use Twofish, AES, or Camellia rather than the default RSA-2048.

If you're going that route, you could always just use GPG to exchange a normal (symmetric) key
 
cheesyking
Minister of Gerbil Affairs
Posts: 2756
Joined: Sun Jan 25, 2004 7:52 am
Location: That London (or so I'm told)
Contact:

Re: Transfer Large Files From Remote Site Securely

Fri May 12, 2017 10:48 am

If you're going that route, you could always just use GPG to exchange a normal (symmetric) key


Thought that was how it worked anyway. Must admit I've never used GPG directly.

Also, you could just split the file or if this is a one time thing, just put up with the slowness.
Fernando!

Your mother ate my dog!
 
alphadogg
Gerbil In Training
Topic Author
Posts: 8
Joined: Sat Nov 06, 2004 10:06 pm
Location: Romaing the southeastern US

Re: Transfer Large Files From Remote Site Securely

Fri May 12, 2017 11:46 am

So, I thought GPG4Win was for emails. It can be used to encrypt files? That might be the way to go.

The scenario here is a largish B2B file transfer on a semi-periodic basis, no grandpas involved, but some limitations on the ability of staff to connect to any external third-party service like Mega. Even then, the files need to be encrypted before upload to any such site.
 
cheesyking
Minister of Gerbil Affairs
Posts: 2756
Joined: Sun Jan 25, 2004 7:52 am
Location: That London (or so I'm told)
Contact:

Re: Transfer Large Files From Remote Site Securely

Fri May 12, 2017 1:06 pm

alphadogg wrote:
So, I thought GPG4Win was for emails. It can be used to encrypt files? That might be the way to go.

The scenario here is a largish B2B file transfer on a semi-periodic basis, no grandpas involved, but some limitations on the ability of staff to connect to any external third-party service like Mega. Even then, the files need to be encrypted before upload to any such site.


If it's semi regular, you have the bandwidth to send this stuff over the net and you can open a port at one end I'd consider setting up an ssh server so the files can be rsync'ed (possibly one at each end with maybe one end having samba so the users can just drop the file in a windows share and the automagically transfer over night or something. Depends how much trouble you're prepared to go to so it's easy for the users.
Fernando!

Your mother ate my dog!
 
DragonDaddyBear
Gerbil Elite
Posts: 985
Joined: Fri Jan 30, 2009 8:01 am

Re: Transfer Large Files From Remote Site Securely

Fri May 12, 2017 1:30 pm

User friendly? I'm not saying this is the most secure way, but you could leverage DropBox, Box, OneDrive, etc.. Just share the root folder you want them to have access to using the web and drop your files in there. Done. You can automate it, too, by having your jobs drop the file in the appropriate folder. They can use any number of methods to get the file. Data at rest encryption would be handled by GPG if you even need it. You already need them to authenticate and you authorize the access. GPG would be an additional layer. It depends on how sensitive the data is and how much risk you want to accept. You could automate it pretty easily with some PowerShell. Additionally, you might need to purchase a business-class service from the service to stay within the bounds of the EULA, though.

If you want a more secure way you'll need to invest in a service of some sort for secure FTP that uses GPG for encrypting the files and/or PKI for authentication with ACLs to white list authorized businesses.
 
LASR
Gerbil First Class
Posts: 147
Joined: Fri Jan 10, 2014 9:35 pm

Re: Transfer Large Files From Remote Site Securely

Fri May 12, 2017 2:04 pm

rsync over SSH? Have them generate a key pair and give you their public key.

Who is online

Users browsing this forum: No registered users and 1 guest
GZIP: On