0xbeef has asked for the wisdom of the Perl Monks concerning the following question:

Dear encryption monks

A colleague and myself have written a collector tool (in perl of course!) that collects o/s data on customer systems. Another tool performs an analysis of this data, potentially directly by the customer. The output could however be sent to us for in-depth analysis and audit purposes.

I have been researching a method to enable the customer to encrypt the output files before they are sent to us, but I am not experienced in encryption and scared I might miss something important.

The output files are 15-30MB uncompressed, or 1-5MB compressed. Initially I thought it would make sense to provide my public RSA key to the code (via config file), and use that to encrypt the data. From what I read only using an asymmetric cipher would be very slow, but I then started reading about hybrid encryption techniques - which for my purposes would work something like this:

1. Collector tool generates a random new encryption key.
2. Output is encrypted using this key with a fast symmetric method i.e. Crypt::CBC(?).
3. The symmetric key from step 1 is encrypted with Crypt::RSA, using my public RSA key, which is at least 2048 bits.
4. The encrypted data and now secure symmetric key is transmitted by the customer, preferably by SFTP.
5. The symmetric key is decrypted by myself, the holder of the private RSA key.
6. Customer data can now be unencrypted using the symmetric key, which is now known.
7. Customer data is analysed.

Obviously, only the private RSA keyholder can unencrypt the output file, so by implication the automated analysis tool we provide cannot be used at the customer site once the output is encrypted. I now intend to provide a configurable option to allow a customer RSA key as well, so that the encryption can be used to switch to allow for local or remote analysis.

Also, do I need to encrypt and then compress, or compress and then encrypt?

Any monastry scrutiny would be appreciated!