We need your help to fix a small issue in the core of our website and to integrate the encryption library into our website. Please see the details below.
1. Fix the user delete function: when a user is deleted, their files are not removed from the B2 bucket. (We store the files of all users in a single bucket, but we need to remove the files belonging to a particular user when we delete that user.) Could you help us fix this problem?
a. Add an option that users can turn ON or OFF to choose whether their files are encrypted before upload to the website (and then to B2). If the option is ON, the file is encrypted in the user's browser before being sent to the server. If the option is OFF, the file is uploaded normally (without encryption).
=> We need to add an “encryption_marked” column with a value of 0 or 1 to record whether the uploaded file is encrypted, because we need to decrypt it on download.
b. When the encryption button is ON, we would like the following:
i) We generate a random passphrase (random string) to act as the “encryption key” for EVERY FILE a user uploads (each file has its own encryption key), and we use this key to encrypt the file.
ii) We then encrypt this “encryption key” with that user's PLAIN PASSWORD (the clear-text password they type every time they sign in, not the hashed password) and store the “encrypted encryption key” in the database. This means the database never holds the “encryption key” itself, only the “encrypted encryption key”, which has been encrypted with their plain password.
=> We need to add an “encrypted_key” column to the File table to store the “encrypted encryption key”.
c. When a user downloads a file, we send the “encrypted encryption key” back to their browser and decrypt it there with their plain password, which gives us the “decryption key”, i.e. the plain form of the encryption key that we generated in step a).
d. When a user shares a file, we also need to send the encrypted key back to their browser, decrypt it with their password, and add the decryption_key to the sharing link in the form:
[url removed, login to view]
When another user downloads the file, we use this decryption key to decrypt the file.
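
A sketch of steps b and c using the browser's WebCrypto API, added here as an illustration and not code from this project. The brief names no algorithms, so the choices are assumptions: AES-256-GCM for the file and for wrapping the key, PBKDF2-SHA-256 with a per-file salt to turn the plain password into a wrapping key, a raw 32-byte random key in place of a random string, and a `salt | iv | ciphertext` layout for the `encrypted_key` column. All function names are hypothetical.

```javascript
// Added example (not project code). Algorithms and blob layouts are assumptions.
const wc = globalThis.crypto ?? require('node:crypto').webcrypto; // browser, or Node fallback
const PBKDF2_ITERATIONS = 600000; // assumed work factor
const concat = (...parts) => {
  const out = new Uint8Array(parts.reduce((n, p) => n + p.length, 0));
  let off = 0;
  for (const p of parts) { out.set(p, off); off += p.length; }
  return out;
};

// Derive the key-wrapping key from the plain password typed at sign-in.
async function deriveWrappingKey(password, salt) {
  const base = await wc.subtle.importKey(
    'raw', new TextEncoder().encode(password), 'PBKDF2', false, ['deriveKey']);
  return wc.subtle.deriveKey(
    { name: 'PBKDF2', hash: 'SHA-256', salt, iterations: PBKDF2_ITERATIONS },
    base, { name: 'AES-GCM', length: 256 }, false, ['encrypt', 'decrypt']);
}

// Step b: random per-file key, encrypt the file, wrap the key under the password.
async function encryptForUpload(fileBytes, password) {
  const fileKey = wc.getRandomValues(new Uint8Array(32));
  const aes = await wc.subtle.importKey('raw', fileKey, 'AES-GCM', false, ['encrypt']);
  const fileIv = wc.getRandomValues(new Uint8Array(12));
  const body = await wc.subtle.encrypt({ name: 'AES-GCM', iv: fileIv }, aes, fileBytes);
  const salt = wc.getRandomValues(new Uint8Array(16));
  const keyIv = wc.getRandomValues(new Uint8Array(12));
  const kek = await deriveWrappingKey(password, salt);
  const wrapped = await wc.subtle.encrypt({ name: 'AES-GCM', iv: keyIv }, kek, fileKey);
  return {
    encryption_marked: 1,                                         // File table column
    encrypted_key: concat(salt, keyIv, new Uint8Array(wrapped)),  // File table column
    ciphertext: concat(fileIv, new Uint8Array(body)),             // object sent to B2
  };
}

// Step c: recover the plain file key in the browser; rejects on a wrong password.
async function unwrapFileKey(encryptedKey, password) {
  const kek = await deriveWrappingKey(password, encryptedKey.slice(0, 16));
  const iv = encryptedKey.slice(16, 28);
  const raw = await wc.subtle.decrypt({ name: 'AES-GCM', iv }, kek, encryptedKey.slice(28));
  return new Uint8Array(raw);
}

// Download: decrypt the stored object with the unwrapped (or shared) file key.
async function decryptDownload(ciphertext, fileKey) {
  const aes = await wc.subtle.importKey('raw', fileKey, 'AES-GCM', false, ['decrypt']);
  const iv = ciphertext.slice(0, 12);
  return new Uint8Array(await wc.subtle.decrypt({ name: 'AES-GCM', iv }, aes, ciphertext.slice(12)));
}
```

Because every `encrypted_key` is bound to the password, a password change has to re-wrap each of that user's rows while the old password is still available, and a server-side password reset leaves the existing encrypted files unrecoverable.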