views:

380

answers:

3

-new- I found another use. Theres some data submitted to me via HTTPS POST data and i'd like to store it in my db (Such as mother maiden name that customer support may need to read later instead of spelling incorrectly checking if the hash matches). I only need that section encrypted and not the entire DB and using a separate DB may not be worth it. Question: How might i use a premade public key to encrypt a symmetrical key + text using .NET? (the rest is for context, i just want an answer plz)

-edit- I have done symmetrical encryption before. How do i encrypt the symmetrical key with the public key? a nice bonus is if you can tell me how to generate the public/private key in a separate app so i can create them and store only the public key in my a app.

I am considering having cheaper less stressed site grab backups automatically from a more busy site. Transferring the data is not a problem since i can use https but i dont completely trust that my cheaper site is as secure or wont have people looking around at my files. I mostly want to protect email address and PM if i have them on the site.

So i am wondering how i can have a public or private key in my app which encrypts the data so only i (or whoever i give the key(s) too) can decrypt the backup. How do i do this in .NET. logging in and transferring i can write in a few minutes but how do i encrypt the stream as i write it?

-edit- it just hit me. The user/pass wouldnt be a secret. So i would have to encrypt my backups before the transfer. How do i encrypt a symmetric key with a public key using .NET. Then decrypt it on my side. Encryption the file with a symmetric key i know how to do.

+12  A: 

First off: defense in depth. If you have concerns about the security of the backup site secure the backup site. Mitigating attacks through encryption is a good idea, but it should not be the only idea.

Second, why are you thinking about using public/private key crypto? Normally you'd only use public/private key crypto when attempting to communicate a message from a sender to a recipient. What value does public key crypto add to your scenario?

To encrypt the stream in C#, this page might help:

http://support.microsoft.com/kb/307010

UPDATE:

Absolutely, YES, you have to encrypt the files before they get to the site which you are assuming is compromised.

You believe that the site might be insecure. The assumption you should be making is that the site is your enemy and is trying to hurt you. Start thinking like your attacker thinks. What would your enemy do? If I were your enemy and you handed me a bunch of files to store on your behalf, I might:

  • delete your files
  • corrupt your files
  • read your files
  • log every byte that comes in or goes out for analysis later
  • replace your files with hostile files -- in particular, all executable code, scripts, and so on, that you store on this site, you should assume are full of viruses targetted specifically at attacking you
  • do stuff to get you in trouble -- forge messages that look like they come from you, and so on

Assume that the insecure backup site operators are trying to do all of those things to you. Crypto is a mitigation for some of those attacks, but not all of them.

No offense, but it is very clear that you do not know enough about crypto to solve this problem with any reasonable chance of getting it secure against real attackers. That's nothing to be ashamed of; I don't have this knowledge either. Rather, I have sufficient knowledge to know that this problem is beyond me. There's nothing wrong with trying to learn more about crypto; I strongly encourage that. But if you have a real threat here, and you're trying to mitigate it with professional-strength crypto tools, do not roll your own solution. Go hire an expert consultant in this field who can advise you on what the right thing to do is given the realistic threats that you face.

Eric Lippert
I worked at server co and a friend of my had this happen to him and showed an attack to prove it to the company (this was before i arrived) and through improper virtualization settings other people can get to your site with an attack. Even if this isnt a problem most of the time or is a problem on the main site i still prefer to decrease it if i am putting it on another server. I wouldnt have the ability to 'secure the backup site' in this case.
acidzombie24
Great link. This shows how to encrypt a file while using a stream. But it looks like its only using a symmetric key. I can generate a symmetric key but how do i encrypt the key with a private/public key in .NET?
acidzombie24
@Eric - I agree that a public/private key is unnecessary if the backup app is on a middle system that reads from the main site and writes to the cheaper site. Symmetric key encryption is faster, too. But if the backup app is on the cheaper server and could be compromised, then a public/private key would be preferred.
ebpower
sorry for changing part of the question on you. This answer did solve a big problem!
acidzombie24
A: 

You encrypt with a symmetric key, then encrypt the symmetric key with a public key, then drop the symmetric key. Only the owner of the corresponding private key (you) can later decrypt the symmetric key, and hence the document. There is no secret stored in the app. The good news is that ther just about a tonne of out of the box products (pgp) and protocols (s-mime) to solve this.

Remus Rusanu
I just realize i need to encrypt before the transfer. ATM i am using sqlite so i can lock it for a minute and use any app to read it. `gpg-zip` looks like it may work but i dont see a way to give a non symmetric key (it looks like prompt and i dont feel like hacking up stdin). Do you happen to know of util off the top of your head (i'll research more as when the weekend comes)
acidzombie24
Just use GPG. You don't need to enter any password when encrypting - it just uses the recipient's public key (which you should store in your keyring). Your private key never has to go near either server - you can keep it in your office safe, until you actually have to restore a backup one day.
caf
+1  A: 

You can use an symmetric key algorithm (AES, DES, Triple-DES) to perform an encryption on your code, and store it a hex in your database (in a nvarchar field). Since, you done need to transfer that in encrypted form to someone else, you wont need to use any assymetric algorithm (like RSA, ElGamal etc.) If you something like RSA, you would also have to consider signing with data using something like PGP.

But, irrespective of which algorithm you use, you would need to make sure your keys are as secure as possible, i.e. your symmetric key for AES, and your private key for RSA etc.

This article, provides an tutorial on how to perform Symmetric encryption with/without Salt.

http://www.obviex.com/samples/Encryption.aspx

Bhaskar
I have done symmetric encryption before. Everyone linked me to that. How do i encrypt the symmetric with a public key in .NET?
acidzombie24