Where to Store Encryption Keys MVC Application

2

11

I am using an AES encryption/decryption class that needs a key value and vector value to encrypt and decrypt data in an MVC3 application.

On saving the record I am encrypting the data then storing it in a database. When I retrieve the record I am decrypting in the controller and passing the unencrypted value to the view.

The concern is not protecting data as it traverses the network but to protect the database should it be compromised.

I have read many posts that say don't put the keys for encryption in your code.

Ok so where should they be kept? File system? Another Database?

Looking for some direction.

Valenta answered 7/6, 2012 at 22:55 Comment(0)
3

Common sense says, if an intruder gets access to your database, they will most likely also have access to your file system. It really comes down to you. For one, you can try to hide it. In configuration files, in plain files somewhere in file system, encrypt it with another key that is within the application ... and so on and so forth.

Configuration files are a logical answer, but why take a chance - mix it. Feel free to mix keys with multi-level encryptions - one requiring something from the record itself and being unique to every record, other one requiring a configuration value, third one requiring an application-specific value, and perhaps a fourth one from a library hidden well within your application's references? This way, even if one layer somehow gets compromised, you will have several others protecting it.

Yes, it adds overhead. Yes, it is relatively expensive. But is it worth it if you have sensitive data like user credit card details? You bet it is.

I'm using similar encryption and hashing techniques in one of my personal pet projects that is highly security focused and carefully controlled. It depends how much data you need to display at any one time - for example, mine will only ever fetch 10 records at a time, most likely even fewer.

... To specify what I mean by mixing: Encrypt once. Then encrypt that data again with a different key and, suggestedly, a different algorithm.

Plankton answered 8/6, 2012 at 9:34 Comment(1)
>> "For one, you can try to hide it": Security by obscurity is a no go... sorry (Exo)
0

I would use Registry Keys protected by ACL, so only the account under which your app pool is running can read them.

Stodder answered 8/6, 2012 at 9:38 Comment(1)
And because the appPoolAccount is the one that is reading the regKeys and is also impersonating the web calls, a hacker is able to use the appPoolAccount to access the regKeys if there is a security issue with your webserver. And your database could be decrypted. So this is not an optimal solution, I'm afraid. (Exo)
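
The registry approach from the answer above, as an added example that is not part of the original thread: a one-time elevated provisioning step stores the AES key under an ACL readable only by Administrators and the app pool account, and the application loads it at start-up. The key path, value name, app pool name and 256-bit key length are assumptions.

```csharp
using System;
using System.Security.AccessControl;
using System.Security.Principal;
using Microsoft.Win32;
// Added example. The key path, value name and app pool name are hypothetical.
static class RegistryKeyStore
{
    const string SubKey = @"SOFTWARE\ExampleApp\Crypto";
    const string ValueName = "AesKey";
    const string AppPoolAccount = @"IIS AppPool\ExampleAppPool";

    // Pin the 64-bit view so a 32-bit app pool and a 64-bit setup tool
    // see the same key instead of being redirected to WOW6432Node.
    static RegistryKey OpenHklm()
    { return RegistryKey.OpenBaseKey(RegistryHive.LocalMachine, RegistryView.Registry64); }

    // Run once, elevated, at deployment time.
    public static void Provision(byte[] aesKey)
    {
        var acl = new RegistrySecurity();
        // Block inheritance and drop inherited entries (HKLM\SOFTWARE is readable by all local users).
        acl.SetAccessRuleProtection(true, false);
        acl.AddAccessRule(new RegistryAccessRule(
            new SecurityIdentifier(WellKnownSidType.BuiltinAdministratorsSid, null),
            RegistryRights.FullControl, AccessControlType.Allow));
        acl.AddAccessRule(new RegistryAccessRule(
            new NTAccount(AppPoolAccount), RegistryRights.ReadKey, AccessControlType.Allow));
        using (var hklm = OpenHklm())
        {
            using (var existing = hklm.OpenSubKey(SubKey))  // the ACL below only applies to a new key
                if (existing != null) throw new InvalidOperationException("Key already exists; remove it first.");
            using (var key = hklm.CreateSubKey(SubKey, RegistryKeyPermissionCheck.ReadWriteSubTree, acl))
                key.SetValue(ValueName, aesKey, RegistryValueKind.Binary);
        }
    }

    // Called by the web application running as the app pool identity.
    public static byte[] Load()
    {
        using (var hklm = OpenHklm())
        using (var key = hklm.OpenSubKey(SubKey, false))
        {
            var value = key == null ? null : key.GetValue(ValueName) as byte[];
            if (value == null || value.Length != 32)  // assumes a 256-bit AES key
                throw new InvalidOperationException("AES key missing or malformed.");
            return value;
        }
    }
}
```

As the comment on that answer points out, code running as the app pool account can still read the value, so the ACL only shuts out other local accounts.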
