I have a database that contains sensitive information. I can encrypt/decrypt the data on the read/write operations. The problem is that I need to store the key in the application. If someone has hacked their way in such that they have access to the database, then they can also grab the application (Java), decompile it and pull the key.

This seems like a speed bump at best. What other solutions are available?

+3  A: 

Require the user to enter a passphrase to access their data. Burying the key in the code is security by obscurity.

Cody Brocious
A: 

Encrypt the key (using DPAPI), put it in a file, put an ACL on that file etc...

Frederik Gheysels
DPAPI is only relevant on Windows, but it's a reasonable suggestion...
Roger Lipscombe
It's also machine-specific, so if you migrate your DB to a new server, your key will not be decryptable.
Russ
+4  A: 

I am assuming you have some way to verify the credentials of the user before allowing them to access the database?

Usually the architecture for these kinds of things is as follows:

  • Database
  • Server
  • Client

The Client connects to the Server, which then connects to the Database. The Server makes sure the Client authenticates correctly before allowing them access to sensitive information. The decryption key is stored only on the server. No one should have access to the server, and especially the file that contains the key. This way the clients do not have any encryption/decryption they have to do, and do not have to store any keys.

earlNameless
Yes, but the OP's original question was "if the server is compromised, how do I keep them from finding the key" which is a totally different question. I like Kent's idea of using the operating system's built-in key management
Coderer
+3  A: 

Read up on keystores.

HTH, Kent

Kent Boogaart
Do they work with Java? All Keystores I know are OS-specific
TToni
Check out Java's keytool. http://java.sun.com/j2se/1.4.2/docs/tooldocs/windows/keytool.html
Bill the Lizard
How would keystores help?
Francisco Canedo
+4  A: 

The only thing you can do is make it difficult to extract the key from your application. You can't make it impossible. If you give someone a box with contents that you're trying to protect, you have to give them the key if you want them to be able to access the contents. Once you give them the key they can do whatever they want… if they take the trouble of finding the key.

This is a case of Bob and Eve being the same person: you want to give Bob access but stop Eve from seeing it.

This is DRM, it doesn't work.

Francisco Canedo
+2  A: 

Store the keys in a CSP container. Consider the Java CSP here.

This is IMO the safest way possible. But you can also consider storing the key in a file which is protected by the operating system using some kind of ACL.

Lonzo
What if the user reinstalled the operating system, will the keys be lost??
Hemanshu Bhojak
+1  A: 

Require the user to log in using a strong password; use the password as the key for a symmetric encryption algorithm to decrypt the asymmetric database key.

Keep the db key in secure memory while the application is running (if that is an option).

Steven A. Lowe