Envelope encryption large file

Problem description

We are building a mobile app which requires storing files encrypted on the device and later uploading them to a server. Only the server needs to be able to decrypt them, and if the device is compromised the files should not be decryptable.

I've been exploring using public key encryption for this purpose; however, I've read in some places that using asymmetric keys to encrypt large files isn't efficient and envelope encryption is a better approach. The steps for envelope encryption/decryption are:

  1. Client device (C) gets Server (S) public key
  2. C creates a symmetric data encryption key (DK)
  3. C encrypts file using DK
  4. C encrypts DK with S's public key
  5. C uploads file to S with both the encrypted file and encrypted DK
  6. S decrypts the encrypted DK using its private key
  7. S decrypts the file using DK

My question: Are the above steps correct and are there libraries that implement this flow? AWS Encryption SDK provides this functionality; however, we need to implement this in a mobile app which isn't able to connect to/use AWS.

Tags: javascript, c#, amazon-web-services, encryption

Solution


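Are the above steps correct

Indeed, these steps are correct for encryption using asymmetric encryption (PKI).

Are there libraries that implement this flow

You can use the default crypto package. See the Cipher class for the set of supported ciphers.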
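
The seven steps from the question, as an added example that is not part of the original post or answer. It assumes Node.js's built-in crypto module, AES-256-GCM for the file and RSA-OAEP with SHA-256 for wrapping DK (the page names no algorithms); the function names, the key pair and the sample file in `demo()` are constructed for illustration.

```javascript
// Added example, not from the original post. Assumes Node.js built-in crypto.
const crypto = require('node:crypto');
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Client side, steps 2-4: fresh DK, encrypt the file, wrap DK for the server.
function clientEncrypt(serverPublicKeyPem, plaintext) {
  const dk = crypto.randomBytes(32);   // step 2: one-time 256-bit data key
  const iv = crypto.randomBytes(12);   // 96-bit GCM nonce, unique per DK
  const cipher = crypto.createCipheriv('aes-256-gcm', dk, iv);
  const ciphertext = Buffer.concat([cipher.update(plaintext), cipher.final()]); // step 3
  const tag = cipher.getAuthTag();
  const wrappedKey = crypto.publicEncrypt({ key: serverPublicKeyPem, ...OAEP }, dk); // step 4
  dk.fill(0); // best-effort wipe: the device stores only the wrapped DK
  return { wrappedKey, iv, tag, ciphertext }; // step 5: upload all four fields
}

// Server side, steps 6-7: unwrap DK with the private key, then decrypt and verify.
function serverDecrypt(serverPrivateKeyPem, env) {
  const dk = crypto.privateDecrypt({ key: serverPrivateKeyPem, ...OAEP }, env.wrappedKey);
  const decipher = crypto.createDecipheriv('aes-256-gcm', dk, env.iv);
  decipher.setAuthTag(env.tag);
  // final() throws if the ciphertext, IV or tag was modified
  return Buffer.concat([decipher.update(env.ciphertext), decipher.final()]);
}

// Constructed demo: throwaway 2048-bit key pair and sample file contents.
function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', {
    modulusLength: 2048,
    publicKeyEncoding: { type: 'spki', format: 'pem' },
    privateKeyEncoding: { type: 'pkcs8', format: 'pem' },
  });
  const file = Buffer.from('constructed sample file contents '.repeat(1000));
  const env = clientEncrypt(publicKey, file);
  const roundTripOk = serverDecrypt(privateKey, env).equals(file);

  // A modified upload must be rejected, not decrypted to garbage.
  const tampered = { ...env, ciphertext: Buffer.from(env.ciphertext) };
  tampered.ciphertext[0] ^= 0x01;
  let tamperDetected = false;
  try { serverDecrypt(privateKey, tampered); } catch { tamperDetected = true; }
  return { roundTripOk, tamperDetected, wrappedKeyBytes: env.wrappedKey.length };
}

console.log(demo());
```

For files too large to hold in memory, the same cipher object can be fed chunk by chunk with `update()` before `final()`.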

