views:

78

answers:

4

I have an offline kiosk computer that will be running a LAMP web server and hosting a form for people to walk up and fill out. The data they submit will be encrypted and stored in a MySQL database (all stored locally on that machine).

The concern is that if the entire box was stolen, someone would potentially be able to get into the code, see the encryption keys and decrypt the data.

Is there any way to accomplish this set up in a way renders the encrypted data useless even if the entire machine is stolen? (i.e. an encryption password that is kept elsewhere, but still allows the newly entered form data to be encrypted and stored while the kiosk is in use)?

Thanks.

+3  A: 

Try this: http://andytson.com/blog/2009/07/php-public-key-cryptography-using-openssl/

Alex Howansky
This is what you need. Public key encryption can allow anyone with the public key (e.g., the kiosk) to encrypt and only the holder of the private key (you) to decrypt. However, you won't be able to use the data in the database on the kiosk.
rojoca
Awesome. Thank you. I think this is exactly what I need.
insomniak29
Uhm.. but it's not two-way on the kiosk?
Øyvind Skaar
The kiosk is just for collecting the data. The data would periodically be pulled from the kiosk and taken back to the office where it would be decrypted.
insomniak29
A: 

How smart are your "attackers"?

You could but the key in ram, that way it would (kind of) disappear when the machine looses power. To do this you can mount some ram as a partition (ramdisk) and let the code load the key from there.

But, keeping the key from ever touching the disk can be difficult. The OS can, for example, swap it out.

Edit:

Smart attackers could circumvent this by either:

  1. Copying the key before they steal the box
  2. Dig around the disk in order to find the key.. or maybe parts of it and brute force the rest. As I said, keeping the key from ever touching the disk can be difficult ..

You could also do some light anti reverse-engineering and piece the code together in the code. That way, it would not be trivial (but not that hard either) to read it out.

Øyvind Skaar
A: 

keyfiles on USB Stick???

w13531
A: 

You can use the Asymmetric encryption algorithms (Ex. RSA) to achieve this. With that you will be having a pair of keys, a private and a public. And as the name suggest , the public key will be available to everyone, so the user data can be encrypted with this public key, and the encrypted data is only decrypted using the corresponding private key, which in tour case machine owner will keep. Thus Even in case someone steal your machine, it will be very difficult for person to decrypt the data.

Tara Singh