如何安全地存储密钥? [英] How to store a crypto key securely?
问题描述
我正在使用一个加密库,如pycrypto加密/解密字段在我的python webapp数据库。但是加密算法需要一个密钥。如果我在源中有一个未加密的密钥,似乎愚蠢的尝试加密的数据库字段在我的服务器上,如果有人有权访问数据库文件,他们也将有权访问我的python源代码。
有最佳实践的方法来保护所使用的密钥吗?或者一种加密数据库字段的替代方法(在应用程序不是数据库级别)?
更新:我尝试保护的字段是oauth令牌。
更新:我想没有常见的方法来避免这种情况。我想我需要加密字段反正,因为可能的数据库文件将被备份和移动,至少我会减少到一个脆弱的位置 - 查看我的源代码的问题。
更新:当用户离线时,oauth令牌需要用于api调用,因此在这种情况下使用他们的密码不适用。
如果你加密的字段,你只需要验证(不回忆),然后简单哈希SHA或单向加密与DES或使用盐的IDEA以防止彩虹表实际显露它们。这对于密码或其他访问秘密非常有用。
Python和webapps让我想起GAE,所以你可能想要的东西不是在每个DB上做加密/解密交易,因为这些已经不便宜的GAE。
加密数据库的最佳做法是使用用户自己的密钥加密字段,但包括加密用户密钥的不对称后门,因此您(而不是任何人谁有权访问数据库源文件或表)可以用您的密钥解密用户密钥,应该恢复或其他必要的。
在这种情况下,用户(或您或受信任的代表)可以退出和解除自己的信息。如果你认为你需要通过加密来保护他们的字段,你可能想更严格地验证用户秘密。
在这方面,一些秘密词语(例如丛林中的强大丛林)的密码(而不是密码)是一种鼓励的好习惯。 p>
编辑:刚刚看到您的更新。存储OAuth的最佳方法是为其提供较短的生命周期,仅请求您需要的资源,并重新请求获取长令牌。最好设计围绕获得认证,获得访问和出去,比在后门10年关键。
因为,如果您需要在用户上线时调用OAuth,您可以按上述步骤操作,并使用用户指定的密码加密。您还可以从加密计数器(使用用户密钥加密)中keygen,因此实际的加密密钥在每个事务处更改,计数器存储在纯文本中。但在使用之前检查此模式的具体加密算法讨论。有些算法可能不会用这个很好。
I'm looking at using a crypto lib such as pycrypto for encrypting/decrypting fields in my python webapp db. But encryption algorithms require a key. If I have an unencrypted key in my source it seems silly to attempt encryption of db fields as on my server if someone has access to the db files they will also have access to my python sourcecode.
Is there a best-practice method of securing the key used? Or an alternative method of encrypting the db fields (at application not db level)?
UPDATE: the fields I am trying to secure are oauth tokens.
UPDATE: I guess there is no common way to avoid this. I think I'll need to encrypt the fields anyway as it's likely the db files will get backed up and moved around so at least I'll reduce the issue to a single vulnerable location - viewing my source code.
UPDATE: The oauth tokens need to be used for api calls while the user is offline, therefore using their password as a key is not suitable in this case.
If you are encrypting fields that you only need to verify (not recall), then simple hash with SHA or one-way encrypt with DES, or IDEA using a salt to prevent a rainbow table to actually reveal them. This is useful for passwords or other access secrets.
Python and webapps makes me think of GAE, so you may want something that is not doing an encrypt/decrypt on every DB transaction since these are already un-cheap on GAE.
Best practice for an encrypted databased is to encrypt the fields with the users own secret, but to include an asymmetric backdoor that encrypts the users secret key so you (and not anyone who has access to the DB source files, or the tables) can unencrypt the users key with your secret key, should recovery or something else necessitate.
In that case, the user (or you or trusted delegate) can retireve and unencrypt their own information only. You may want to be more stringent in validating user secrets if you are thinking you need to secure their fields by encryption.
In this regards, a passphrase (as opposed to a password) of some secret words such "in the jungle the mighty Jungle" is a good practice to encourage.
EDIT: Just saw your update. The best way to store OAuth is to give them a short lifespan, only request resources your need and re-request them over getting long tokens. It's better to design around getting authenticated, getting your access and getting out, than leaving the key under the backdoor for 10 years.
Since, if you need to recall OAuth when the user comes online, you can do as above and encrypt with a user specfic secret. You could also keygen from an encrypted counter (encrypted with the user secret) so the actual encryption key changes at each transaction, and the counter is stored in plaintext. But check specific crypto algo discussion of this mode before using. Some algorithms may not play nice with this.
这篇关于如何安全地存储密钥?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
