存储加密密钥 - 最佳实践？ [英] Storing encryption keys -- best practices?

问题描述

我有一个使用对称加密算法的Web应用程序。

I have a web application that uses a symmetric encryption algorithm.

如何存储密钥和初始化向量？作为文字存储在代码中似乎是一个坏主意。应用设置如何？

How would you store the secret key and initialization vector? Storing as a literal in the code seems like a bad idea. How about app settings? What is the best practice here?

推荐答案

webapp世界中的一个标准方法是将密钥分割并放在不同的地方。例如，您可以拆分密钥，将它的一部分放在文件系统（webapps目录外），它是JNDI配置（或.net等效）中的一部分，也是数据库中的一部分。如果你受到攻击，例如检查备份介质或SQL注入，获取所有的片断需要更多的工作，那么获取任何单个片段并不是特别困难。

One standard approach in the webapp world is to split the key and put it in different places. E.g., you might split the key and put part of it in the filesystem (outside of the 'webapps' directory), part of it in the JNDI configuration (or .net equivalent), and part of it in the database. Getting any single piece isn't particularly hard if you're compromised, e.g., examining backup media or SQL injection, but getting all of the pieces will require a lot more work.

您可以通过使用相同大小的随机数对其进行XOR操作来分割密钥。 （使用加密的强随机数生成器！）如果要将密钥拆分为多个部分，可以重复此过程几次。在所需的过程结束时，例如，三个部分密钥，使得p1 ^ p2 ^ p3 = key。您可能需要对一些部分键进行base64编码，以便它们可以正确存储，例如在JNDI属性中。

You can split a key by XOR-ing it with random numbers of the same size. (Use a cryptographically strong random number generator!) You can repeat this process several times if you want to split the key into multiple pieces. At the end of the process you want, e.g., three partial keys such that p1 ^ p2 ^ p3 = key. You might need to base64-encode some of the partial keys so they can be stored properly, e.g., in a JNDI property.

（有更复杂的方法来分割键，例如，n-of-m算法，您不需要所有的部分来重新创建密钥，但是这是 - 超过你需要的这里。）

(There are more sophisticated ways to split a key, e.g., an n-of-m algorithm where you don't require all of the pieces to recreate the key, but that's -far- beyond what you need here.)

如果您可以要求用户主动输入密码，则有基于PBE（基于密码的加密）算法，可将密码转换为良好的对称密钥。你想要找到一个需要一个外部文件。再次，这是一种情况下磁带备份或密码本身是不够的，你需要两个。您也可以使用它将密码拆分为JNDI的两个部分 - 您可以在JNDI中使用纯文本密码，并在文件系统中的某处使用初始化文件。

If you can require the user to actively enter the password, there are PBE (password-based encryption) algorithms that convert a password to a good symmetric key. You want to find one that requires an external file as well. Again it's a case the tape backups or the password itself isn't enough, you need both. You could also use this to split the password into two pieces with JNDI - you can use a plaintext passphrase in JNDI and an initialization file somewhere in the filesystem.

你确定你可以很容易地'rekey'你的应用程序。一种方法是使用上面获得的密码来解密包含实际加密密钥的另一个文件。如果您认为密码遭到入侵，而不需要对所有数据进行大量重新加密，则只需重新加密您的实际密钥即可轻松更改密码。

Finally, whatever you do be sure you can 'rekey' your application fairly easily. One approach is to use the password obtained above to decrypt another file that contains the actual encryption key. This makes it easy to change the password if you think it's been compromised without requiring a massive reencryption of all of the data - just reencrypt your actual key.

这篇关于存储加密密钥 - 最佳实践？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！