加密第三方凭证 [英] Encrypting 3rd party credentials

问题描述

我有一个应用程序，需要在其中存储第三方凭证到Amazon S3，FTP，SFTP等服务.

I have an application where I need to store 3rd party credentials to services like Amazon S3, FTP, SFTP, etc..

我知道可以不用密码访问其中一些系统，但这有其自身的问题.如果我们的客户通过ACL允许我们访问其S3存储桶，我们仍然需要验证哪个存储桶属于哪个用户，SFTP和ssh密钥身份验证也是如此.

I know that it is possible to access some of those systems without passwords, but that has its own issues. If our customers gave us access to their S3 buckets via ACL we would still need to verify which bucket belongs to which user, same goes for SFTP and ssh key auth.

在可能的情况下，我们将尽最大努力允许使用非密码替代方案，但有时(FTP)则是不可能的.因此，我正在寻找有关如何在我们的数据库(MySql)或其他地方存储此敏感数据的建议.

We will try our best to allow non-password alternatives where possible, but sometimes (FTP) it just won't be possible. Therefor I am looking for advice on how to store this sensitive data in our database (MySql) or elsewhere.

过去，我读过一些有关使用TrueCrypt分区的人的信息，这些分区会自动卸载，但是可能需要进行不错的入侵检测.目前，我对能够带来合理安全性并且将来可以改进的简单方法很感兴趣.

In the past I have read about people using TrueCrypt partitions that automatically unmount, but that would probably require decent intrusion detection. For now I'm interested in simple approaches that lead to reasonable security and can improved upon in the future.

任何有关该主题的建议都将被采纳！

Any advice on the subject would be highly appriciated!

推荐答案

存在多种可能性，由于我认为您没有提供足够的上下文信息，因此，我将尽力为您提供一个概述.看法.我认为这里最重要的方面是您的数据的机密性和用户的身份验证.数据的完整性和可用性远不那么重要.

There are a range variety of possibilities and since in my opinion you provide not enough info about the context, i will try to give you an overview from my point of view. I assume that here the most important aspect is confidentiality of your data and and authentication of the users. Integrity and availability of data is much less important.

如果您需要基本的安全性，则可以让MySQL通过用户名/密码组合来处理它，并设​​置给定帐户的访问权限.但是，由于mysql的访问控制机制不够细致(您只能为每个表而非每个行设置访问控制规则)，这可能会导致数据库设计不佳.

If you want basic security, you can let MySQL handle it by means of username/password combinations and set access rights on the given account. However, since the access control mechanism of mysql is not fine-grained (you can set access control rules per table only, not per row) this will probably yield a bad database design.

如果您想采用非密码方式，则可以向用户提供客户端证书，并通过提供客户端证书(使用TLS)来让他们证明自己的身份，或者让他们签名(请注意，这是危险的，因为您创建一个所谓的签名预告片).

If you want to have a non-password approach, you can give users client-certificates and let them prove their identity by presenting their client certificates (use TLS for that) or let them sign something (note their are dangers because you create a so called signing oracle).

另一种方法是对数据库中的数据进行加密.您可以通过从密码中获取对称密钥并使用此数据对凭据进行加密来做到这一点.当然这里要注意的是，您的密钥派生协议应该是好的，而且这不容易实现(因此，如果您选择此方法，我建议您采用现有的密钥派生协议或使用流密码).在此处查看流密码列表 http://en.wikipedia.org/wiki/Stream_cipher.

Another approach is to encrypt your data in the database. You can do that by deriving a symmetric key from the password and encrypt the credentials with this data. The catch here is of course that your key derivation protocol should be good and this is not easy to accomplish (so if you choose this, i advice you to take existing key derivation protocols or use a streamcipher). Take a look here for a list of streamcipher http://en.wikipedia.org/wiki/Stream_cipher .

如果您非常关心安全性，那么您可以开始考虑一些高级解决方案，例如使用智能卡进行身份验证，或者使用时间同步防篡改设备生成访问码.但是，请注意，这些精美的解决方案并不能为您提供免费的安全性，如果实施起来困难且成本高(由于开发和部署)，则可以实施此类系统，但是，如果正确完成，则可以提供最佳的安全性.

If you care very much for security you can start thinking about fancy solutions like authentication with smartcards, or a time synchronized tamper resistant device for generating acccess codes. However, note that these fancy solutions do not give you free security, implementing such systems if hard and costly (due to development and deployment) however, if done correctly they provide the best security.

这篇关于加密第三方凭证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！