
GnuPG encrypting all file uploads

I would like to encrypt a file as it gets uploaded. Generally what happens is that it gets written to disk and then you can encrypt it from there; I would like to encrypt it before that happens. Is there any module for an HTTP server or for an application framework that would allow me to do that? I don't want to spend a lot of time working on writing the software for this, but if needs must I'll do it.

The important thing is that no unencrypted record ever touches the hard disk.

The hard drive is already encrypted using AES, but as the server can be accessed by a third party without my knowledge, I would prefer if there was some way to prevent the actual data being /that/ easily compromised.


Sysadmin answer: ramdisk holding area for pre-encrypted data. Never touches the disk, problem solved. No?


Here is the answer I have received but haven't tested yet; I'm not going to mark it as the answer until I have tested exactly what it does.

The answer is this Django project. It's for leaking websites; it reads the entire file into memory and then encrypts it. http://gitorious.org/deaddrop/deaddrop/blobs/master/drop/views.py

There is, however, a way to chunk the data:

http://docs.djangoproject.com/en/1.3/topics/http/file-uploads/

There is also a problem that the httpd is handling the file upload and can ignore the application framework depending... so I need to test it out a lot before I'm sure what it's doing.

However, that said, I'm pretty sure you can do it with WSGI, which I'm pretty sure that Django does when you use mod_wsgi with Apache... not sure what other web servers use, and I'd prefer to use something more lightweight.

Edit: if someone does happen to test this out rigorously and posts it as an answer, I'll mark that as the answer.


What I ended up doing was using mod_wsgi. With that I'm able to take the upload as a stream and then encrypt it using PyCrypto; it works nicely:

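        # Stream the request body from mod_wsgi and encrypt each chunk before it
        # is written. dropDir, chunksize and crypt are defined elsewhere.
        inputLength = int(environ.get('CONTENT_LENGTH') or 0)  # header may be empty
        stream = environ['wsgi.input']  # renamed: "input" shadows the builtin
        remain = inputLength
        f = open(dropDir + '/input', 'wb')  # binary mode: ciphertext is bytes
        while remain > 0:
                chunk = stream.read(min(chunksize, remain))
                if not chunk: break
                remain -= len(chunk)  # count bytes read, not file position
                f.write(crypt.encrypt(chunk))
        f.close()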

When I do that I end up encrypting the entire postdata using a stateful cipher and writing it into a file. I then save the key to another file after using GnuPG to encrypt that.
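
The streaming approach from the answer above, as an added example that is not part of the original post: it reads `wsgi.input` in chunks, encrypts each chunk before writing, and lets you check that the stored file holds no plaintext. `KeystreamCipher`, `encrypt_upload` and `demo` are hypothetical names, and the keystream class is a standard-library stand-in (an assumption) for the PyCrypto cipher object; substitute a vetted cipher in real use.

```python
import hashlib, hmac, io, os, tempfile

class KeystreamCipher:
    """Stand-in stateful stream cipher: HMAC-SHA256 in counter mode (assumption,
    stdlib only). Any vetted object with encrypt(chunk) can replace it."""
    def __init__(self, key, nonce):
        self.key, self.nonce, self.counter, self.buf = key, nonce, 0, b""

    def encrypt(self, data):
        # Extend the keystream until it covers this chunk; state carries over
        # between calls, so chunk boundaries do not change the ciphertext.
        while len(self.buf) < len(data):
            msg = self.nonce + self.counter.to_bytes(8, "big")
            self.buf += hmac.new(self.key, msg, hashlib.sha256).digest()
            self.counter += 1
        ks, self.buf = self.buf[:len(data)], self.buf[len(data):]
        return bytes(a ^ b for a, b in zip(data, ks))

    decrypt = encrypt  # XOR with the same keystream reverses it

def encrypt_upload(environ, out_path, cipher, chunksize=64 * 1024):
    """Copy the WSGI request body to out_path, encrypting each chunk first."""
    remain = int(environ.get("CONTENT_LENGTH") or 0)
    stream = environ["wsgi.input"]
    written = 0
    with open(out_path, "wb") as f:
        while remain > 0:
            chunk = stream.read(min(chunksize, remain))
            if not chunk:
                break  # client sent fewer bytes than it declared
            remain -= len(chunk)
            written += f.write(cipher.encrypt(chunk))
    return written

def demo(chunksize=4096):
    body = b"constructed upload body " * 10000  # constructed sample data
    key, nonce = os.urandom(32), os.urandom(16)
    environ = {"CONTENT_LENGTH": str(len(body)), "wsgi.input": io.BytesIO(body)}
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "input")
        written = encrypt_upload(environ, path, KeystreamCipher(key, nonce), chunksize)
        with open(path, "rb") as f:
            stored = f.read()
    recovered = KeystreamCipher(key, nonce).decrypt(stored)
    return body, written, stored, recovered

if __name__ == "__main__":
    body, written, stored, recovered = demo()
    print(written, body[:9] in stored, recovered == body)
```

A keystream cipher like this provides confidentiality only, and a key and nonce pair must never be reused for a second upload.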
