Secure way to share a one large file

tbigs2011 · August 13, 2021, 6:46pm

Hello everyone,
I have a large file (~20GB) that I’d like to send to someone in a secure manner. I’m worried about the large cloud companies accessing and/or knowing that I am sharing this file. Does anyone have any experience with something like this? I was thinking of zipping it with 7zip while randomizing the name and adding a password to the archive to obfuscate the file. Then to distribute the file to a handful of people I was thinking I could create a VM on Linode or Digital Ocean harden it and then grant SSH access to the few users I want to download the file via SSH.

Does anyone have any better suggestions or see any flaws in my proposed plan?

neogrid · August 13, 2021, 6:59pm

It’s easy enough to setup an isolated vlan, an OpenVPN server and a virtual machine on your network. Then distribute the opvn file, username and password independently.

I’ve set up precisely this for sharing with friends without risking my network. If I have any doubts I can simply revoke certificates.

tbigs2011 · August 13, 2021, 7:03pm

That’s a good point @neogrid. Thank you for your response. I already have OpenVPN and VLANs setup currently so that would be relatively easy. The only down side is my connection. I only have a 15 Mbps upload speed. I will consider that though.

What do you think about password protected 7zip files? Do you think something like that will hold up if someone really wanted at it? Do you know of any programs to encrypt single files that does a better job?

neogrid · August 13, 2021, 7:34pm

I’ve used KeepassXC to distribute stuff, you can also use a key file which the user needs to unlock keepass, that can be distributed by another means. I figure password managers must be difficult to crack, especially if a key file is required.

7zip is probably more focused on compression.

neogrid · August 13, 2021, 10:55pm

Actually I see it also does encryption, should work. But maybe a brute force attack could work. Probably best to use several layers of protection.

Spectre · August 14, 2021, 9:17pm

Just put it in a zip file, set a password (encrypt it) and maybe split it in small parts. These small files are easier to handle and distribute.

bcadej · August 20, 2021, 5:42am

Setup Syncthing. Even if you have a slow connection, it doesn’ matter. Go to bed and then to work, do some stuff, go to bed again and work and the file will be transferred. You can acctually forget that anything is happening.

Stephen · August 20, 2021, 7:45am

You do have the option of using asymmetric encryption based on PKI with opensource solutions like the PGP tools this will mean that you have over the wire and at-rest encryption should you need it. Of course, encryption/decryption of files of that size is quite tedious, but you could also chop the file into 20 x 1 Gig chunks

tbigs2011 · August 20, 2021, 12:42pm

Thank you everyone! I completely forgot about Syncthing. That might be an easy solution. PGP Tools is also something I’ll look into.

kfonda · August 21, 2021, 12:35am

There’s always Fedex.

linuxguy · August 23, 2021, 1:10am

Upload it to an ec2 instance or s3 bucket with a free AWS account and send the ssh keys via telegram. Enable SSL and encryption at rest.

Peter4563 · September 1, 2021, 8:53am

This is pretty secure too:

https://onionshare.org/