存储加密密钥——最佳实践? [英] Storing encryption keys -- best practices?
问题描述
我有一个使用对称加密算法的 Web 应用程序.
I have a web application that uses a symmetric encryption algorithm.
您将如何存储密钥和初始化向量?在代码中存储为文字似乎是个坏主意.应用程序设置如何?这里的最佳做法是什么?
How would you store the secret key and initialization vector? Storing as a literal in the code seems like a bad idea. How about app settings? What is the best practice here?
推荐答案
webapp 世界中的一种标准方法是拆分键并将其放在不同的位置.例如,您可以拆分密钥并将其一部分放在文件系统中(在webapps"目录之外),一部分放在 JNDI 配置(或 .net 等价物)中,一部分放在数据库中.如果您受到损害,例如检查备份媒体或 SQL 注入,则获取任何单个部分并不是特别困难,但获取所有部分需要做更多的工作.
One standard approach in the webapp world is to split the key and put it in different places. E.g., you might split the key and put part of it in the filesystem (outside of the 'webapps' directory), part of it in the JNDI configuration (or .net equivalent), and part of it in the database. Getting any single piece isn't particularly hard if you're compromised, e.g., examining backup media or SQL injection, but getting all of the pieces will require a lot more work.
您可以通过对相同大小的随机数进行异或来拆分密钥.(使用加密强的随机数生成器!)如果您想将密钥拆分为多个部分,您可以多次重复此过程.在您想要的过程结束时,例如,三个部分键,例如 p1 ^ p2 ^ p3 = key.您可能需要对某些部分键进行 base64 编码,以便正确存储它们,例如,在 JNDI 属性中.
You can split a key by XOR-ing it with random numbers of the same size. (Use a cryptographically strong random number generator!) You can repeat this process several times if you want to split the key into multiple pieces. At the end of the process you want, e.g., three partial keys such that p1 ^ p2 ^ p3 = key. You might need to base64-encode some of the partial keys so they can be stored properly, e.g., in a JNDI property.
(有更复杂的方法来拆分密钥,例如,n-of-m 算法,您不需要所有的部分来重新创建密钥,但这远远超出了您在这里需要的范围.)
(There are more sophisticated ways to split a key, e.g., an n-of-m algorithm where you don't require all of the pieces to recreate the key, but that's -far- beyond what you need here.)
如果您可以要求用户主动输入密码,则可以使用 PBE(基于密码的加密)算法将密码转换为良好的对称密钥.您想找到一个也需要外部文件的文件.再次出现磁带备份或密码本身不够的情况,您需要两者.您还可以使用它通过 JNDI 将密码分成两部分 - 您可以在 JNDI 中使用明文密码短语,并在文件系统中的某处使用初始化文件.
If you can require the user to actively enter the password, there are PBE (password-based encryption) algorithms that convert a password to a good symmetric key. You want to find one that requires an external file as well. Again it's a case the tape backups or the password itself isn't enough, you need both. You could also use this to split the password into two pieces with JNDI - you can use a plaintext passphrase in JNDI and an initialization file somewhere in the filesystem.
最后,无论您做什么,请确保您可以相当轻松地重新设置"您的应用程序.一种方法是使用上面获得的密码来解密包含实际加密密钥的另一个文件.如果您认为密码已被盗用,则无需对所有数据进行大量重新加密即可轻松更改密码 - 只需重新加密您的实际密钥即可.
Finally, whatever you do be sure you can 'rekey' your application fairly easily. One approach is to use the password obtained above to decrypt another file that contains the actual encryption key. This makes it easy to change the password if you think it's been compromised without requiring a massive reencryption of all of the data - just reencrypt your actual key.
这篇关于存储加密密钥——最佳实践?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
