Company keys generated once and stored in keys/.

Private key hidden; public key used for encryption.

Customer uploads any file type (.txt, .pdf, .jpg, .docx, etc.).

File encrypted with AES-GCM; AES key wrapped with RSA public key.

Signature created with company private key.

Encrypted file saved in storage/ with UUID filename.

Company selects encrypted file, private key, and public key.

File decrypted; original extension restored.

Decrypted file saved in storage/.

Audit log updated with timestamp, hashes, signature status, and keys used.

storage/audit_log.csv tracks every operation, providing a demo-level realistic audit trail.