 

The best data encryption strategy on Amazon AWS (EC2 / S3)...what would you do in this case?

My Delphi 2010 application (currently in development) encrypts users' files and uploads them to EC2 and then to S3. Users can download their files using a secure website (kinda like Dropbox but in a different context, market, use, etc...)

I use RSA Encryption. I give my users the ability to choose whether they want to use their own private keys (generated locally) or use the shared key (located on the cloud)

When working on file download, I ended up with 4 possibilities that I must handle properly:

  1. If a user uses his/her own private encryption key:

    a. Downloading from Delphi / Client: file is decrypted on user's machine after download

    b. Downloading from website / PHP: impossible (directly), unless I give the user the possibility to download a small utility that allows him/her to locally supply his/her private key and decrypt the file after download.

Pros/Cons: Secure, but not straightforward / too restrictive, and impossible to do on mobiles(?)

  2. User chooses to use my shared private encryption key (located on the cloud)

    a. Downloading from Delphi / Client: file is first decrypted via PHP on EC2 (then served to the user), in which case the download process could become very slow if many users are downloading files (unlikely) or if the files being decrypted are too large.

    b. Downloading from website / PHP: same as (a)

Pros/Cons: Straightforward / just works, but may result in huge CPU usage and an unacceptable delay when downloading (esp. if the file size in question is huge).

My two-part question is:

1) Is there a better strategy to handle such scenario? and

2) What would you do (in term of encryption strategy / handling downloads) if you wanted to offer your users the ability to choose between private and shared encryption keys?

PS. I'm using Delphi 2010 (client) with PHP 5.3 on the server; the EC2 instance is running the latest standard Amazon Linux 2012 build.

EDIT Traffic is always encrypted, so HTTPS only!

EDIT 2 I'm using GPG for encryption / decryption

TheDude asked Sep 02 '12 13:09


1 Answer

If you're forced to offer server side encryption/decryption, use system()/exec() with openssl or something. I would hate to see PHP used to encrypt/decrypt anything large, simply because it's not really designed to do so. In that case, it would be important to delete the unencrypted versions of files after some time.

As with what you're trying to do, it's really difficult to have something secure on the server side. If you're encrypting/decrypting small stuff, you can probably do it in javascript in your browser - perhaps see https://www.google.com/search?q=javascript+aes&sugexp=chrome,mod=16&sourceid=chrome&ie=UTF-8

What I would do:

1) Upload to EC2. Generate a random password, encrypt that with your public key, and store that. You don't want to use asymmetrical encryption for large stuff. Encrypt with openssl via command line with the previously generated random password. Upload to S3 the encrypted file. Delete (perhaps shred) the unencrypted file.

2) For downloading, fetch from S3. Have your user upload private key. Use private key to decrypt encrypted version of the previous random password. Now use that password to decrypt the file using openssl. Make the name a hash of something random so it can pass right through nginx/apache without PHP. Have cron clean that up every x minutes.

Tech163 answered Oct 15 '22 21:10
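The two-step envelope scheme the answer sketches (random per-file password, file encrypted symmetrically, password wrapped with the user's RSA public key and unwrapped with the private key on download), as an added example driven with the openssl command line. This is not code from the question or the answer. Assumptions not stated in the thread: AES-256-CBC with PBKDF2 key derivation for the bulk data, RSA-OAEP for wrapping the password, and a throwaway key pair generated inside the demo (in the real design the user's pair is generated client-side). The function and file names are illustrative.

```shell
#!/bin/sh
# Added example: envelope encryption with the openssl CLI, not the poster's code.
# Assumed choices: AES-256-CBC + PBKDF2 for the file, RSA-OAEP for the password.
set -eu

# "Delete (perhaps shred)": overwrite when shred is available, else plain rm.
secure_delete() {
    for f in "$@"; do
        if command -v shred >/dev/null 2>&1; then shred -u "$f"; else rm -f "$f"; fi
    done
}

# Upload side.  Args: plaintext, user public key (PEM), ciphertext out,
# wrapped-password out.  The plaintext and the clear password are removed
# once the ciphertext and the wrapped password exist.
envelope_encrypt() {
    plain=$1; pub=$2; enc=$3; wrapped=$4
    pw=$(mktemp)
    # 32 random bytes, hex encoded: the "random password" of step 1
    openssl rand -hex 32 > "$pw"
    # bulk data goes through a symmetric cipher; RSA never touches the file
    openssl enc -aes-256-cbc -pbkdf2 -salt -pass "file:$pw" -in "$plain" -out "$enc"
    # the short password is the only thing RSA has to protect
    openssl pkeyutl -encrypt -pubin -inkey "$pub" -pkeyopt rsa_padding_mode:oaep \
        -in "$pw" -out "$wrapped"
    secure_delete "$pw" "$plain"
}

# Download side.  Args: ciphertext, wrapped password, user private key (PEM),
# plaintext out.  Recovers the password first, then the file.
envelope_decrypt() {
    enc=$1; wrapped=$2; priv=$3; out=$4
    pw=$(mktemp)
    openssl pkeyutl -decrypt -inkey "$priv" -pkeyopt rsa_padding_mode:oaep \
        -in "$wrapped" -out "$pw"
    openssl enc -d -aes-256-cbc -pbkdf2 -pass "file:$pw" -in "$enc" -out "$out"
    secure_delete "$pw"
}

# Unguessable name for the decrypted copy so nginx/apache can serve it
# directly without PHP; a cron sweep is expected to remove old copies.
download_name() {
    openssl rand -hex 16
}

# Round trip on a constructed sample file with a throwaway RSA pair.
# Returns 0 when the decrypted copy matches the original.
demo() {
    d=$(mktemp -d)
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$d/user.key" 2>/dev/null
    openssl pkey -in "$d/user.key" -pubout -out "$d/user.pub"
    printf 'constructed sample plaintext\n' > "$d/report.txt"   # sample input
    cp "$d/report.txt" "$d/original.txt"                         # kept for cmp only
    envelope_encrypt "$d/report.txt" "$d/user.pub" "$d/report.enc" "$d/report.key"
    name=$(download_name)
    envelope_decrypt "$d/report.enc" "$d/report.key" "$d/user.key" "$d/$name"
    cmp -s "$d/original.txt" "$d/$name"
    rc=$?
    rm -rf "$d"
    return $rc
}

demo && echo "round trip ok"
```

`openssl enc` gives confidentiality only; if a tampered download matters, add an HMAC over the ciphertext (or a signature) that is checked before decrypting. The web server still has to tie the random download name to an authenticated session, otherwise anyone who learns the name can fetch the file until the cron sweep runs.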