加密第 3 方凭据 [英] Encrypting 3rd party credentials
问题描述
我有一个应用程序,我需要将第三方凭证存储到 Amazon S3、FTP、SFTP 等服务.
I have an application where I need to store 3rd party credentials to services like Amazon S3, FTP, SFTP, etc..
我知道可以在没有密码的情况下访问其中一些系统,但这有其自身的问题.如果我们的客户允许我们通过 ACL 访问他们的 S3 存储桶,我们仍然需要验证哪个存储桶属于哪个用户,SFTP 和 ssh 密钥身份验证也是如此.
I know that it is possible to access some of those systems without passwords, but that has its own issues. If our customers gave us access to their S3 buckets via ACL we would still need to verify which bucket belongs to which user, same goes for SFTP and ssh key auth.
我们将尽最大努力在可能的情况下允许使用非密码替代方案,但有时 (FTP) 是不可能的.因此,我正在寻找有关如何将这些敏感数据存储在我们的数据库(MySql)或其他地方的建议.
We will try our best to allow non-password alternatives where possible, but sometimes (FTP) it just won't be possible. Therefor I am looking for advice on how to store this sensitive data in our database (MySql) or elsewhere.
过去我读到有人使用自动卸载的 TrueCrypt 分区,但这可能需要体面的入侵检测.目前,我对能够带来合理安全性并且可以在未来改进的简单方法感兴趣.
In the past I have read about people using TrueCrypt partitions that automatically unmount, but that would probably require decent intrusion detection. For now I'm interested in simple approaches that lead to reasonable security and can improved upon in the future.
任何关于该主题的建议都将受到高度评价!
Any advice on the subject would be highly appriciated!
推荐答案
有多种可能性,由于我认为您提供的有关上下文的信息不足,因此我将尝试从我的角度给您一个概述看法.我认为这里最重要的方面是您的数据的机密性和用户的身份验证.数据的完整性和可用性不那么重要了.
There are a range variety of possibilities and since in my opinion you provide not enough info about the context, i will try to give you an overview from my point of view. I assume that here the most important aspect is confidentiality of your data and and authentication of the users. Integrity and availability of data is much less important.
如果您想要基本的安全性,您可以让 MySQL 通过用户名/密码组合来处理它,并在给定帐户上设置访问权限.但是,由于 mysql 的访问控制机制不是细粒度的(您只能为每个表设置访问控制规则,而不是每行),这可能会产生糟糕的数据库设计.
If you want basic security, you can let MySQL handle it by means of username/password combinations and set access rights on the given account. However, since the access control mechanism of mysql is not fine-grained (you can set access control rules per table only, not per row) this will probably yield a bad database design.
如果您想采用非密码方法,您可以向用户提供客户端证书,并让他们通过出示客户端证书来证明自己的身份(为此使用 TLS)或让他们签署某些东西(注意它们是危险的,因为您创建一个所谓的签名预言机).
If you want to have a non-password approach, you can give users client-certificates and let them prove their identity by presenting their client certificates (use TLS for that) or let them sign something (note their are dangers because you create a so called signing oracle).
另一种方法是加密数据库中的数据.您可以通过从密码派生对称密钥并使用此数据加密凭据来做到这一点.这里的问题当然是您的密钥派生协议应该是好的,这并不容易实现(所以如果您选择这个,我建议您采用现有的密钥派生协议或使用流密码).在此处查看流密码列表 http://en.wikipedia.org/wiki/Stream_cipher.
Another approach is to encrypt your data in the database. You can do that by deriving a symmetric key from the password and encrypt the credentials with this data. The catch here is of course that your key derivation protocol should be good and this is not easy to accomplish (so if you choose this, i advice you to take existing key derivation protocols or use a streamcipher). Take a look here for a list of streamcipher http://en.wikipedia.org/wiki/Stream_cipher .
如果您非常关心安全性,您可以开始考虑一些奇特的解决方案,例如使用智能卡进行身份验证,或用于生成访问代码的时间同步防篡改设备.但是,请注意,这些花哨的解决方案不会为您提供免费的安全性,如果实施此类系统既困难又昂贵(由于开发和部署),但如果正确完成,它们可以提供最佳安全性.
If you care very much for security you can start thinking about fancy solutions like authentication with smartcards, or a time synchronized tamper resistant device for generating acccess codes. However, note that these fancy solutions do not give you free security, implementing such systems if hard and costly (due to development and deployment) however, if done correctly they provide the best security.
这篇关于加密第 3 方凭据的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
