Hi everyone,
We want to develop a web file sharing system that clients will use to upload reports. The uploaded files will have stay confidential until used at various company departments. We can ensure on-the-Net confidentiality via SSL up to the moment the reports will be uploaded and saved at the service repository. We would also like to provide confidentiality up to the end user, when the people assigned by the particular company dept. get the report to their system. An obvious way to do it would be to distribute the public keys of each company dept. and have the clients encrypt the reports before uploading them. This however has two disadvantages:
a. it requires a public key distribution business process and
b. it would require PGP to be running on the client side, which is something we cannot always assume due to local security policies etc.
As you probably understand, the issue we try to resolve has to do with the files staying unencrypted at the company file repository once they have been successfully uploaded.
I would like therefore to propose using PGP NetShare to this end: The upload webserver will save the files at a PGP Netshare and result in the files getting encrypted by default. Then have each company dept. access the Netshare and get the files.
So my question is: can it be done? Have a webserver use a PGP Netshare as a storage place? I suppose the problem would not be using the storage itself as it behaves exactly as a shared drive. I would however worry about having the webserver use PGP to access it. Is there any way to do this? Could it be done perhaps by PGP command line?
Any other solution we could use in the same direction?
Many thanks,
Georgios