security - Storing private keys in database -


I need to store a private key for multiple users, so that my server application can sign files on their behalf .

I want to safely store the private key, but I could not find the best practice around it. If I was collecting a password, then I havehes to create a salt + password hash which can not be easily returned to the password. However, with a private key I need to store it in such a way that I can get it later.

I was thinking that I would encrypt the private key and then store it in my database. I basically thought that each key would be encrypted with a different password (based on some user's qualities). However, those properties will probably be stored in the database, so if my database is leaked then the attacker has everything.

I can encrypt all private keys with a single password which is known only for my application. Then an attacker would have to steal my database, and I would have to apply to do any harm.

Is there any technique / best practice I am missing?

You can encrypt the private key with a symmetric key depending on the user password just an additional Store the salt and make the password "hash" to get a different key. Then use the key to encrypt the private key. Note that to create a secure password hash, password based key derived function (PBKDF) such as PBKDF2, Bitcript or Script is used to.

If a user is not online to generate a signature, you should actually protect the password that you can decrypt only you / our backoffice key. You can calculate the encryption / decryption key. For some user ID + you can use your secret key. You may also want to generate a separate RSA key pair for encryption decryption (using Hybrid Encryption).

Storing private keys on behalf of users is very dangerous. There are several ways to lose data or come up with a private key (eg, side-channel attacks). To make it professional, you should actually use an HSM in this process. If this is for any serious data, please consult a professional and a lawyer.

Comments

Post a Comment

Popular posts from this blog

Verilog Error: output or inout port "Q" must be connected to a structural net expression -

I get the error every time, I try to compile. I'm not sure why anyone can help is? I'm new to verilog. Module D_FF (clerk, d, reset_n, q); Input D, Clack, reset_en; Output Q; reg Q; lab4_gdl f1 (.lk (~ clk), d (d), .q.m (qm)); lab4_GDL f2 (.Clk (Clk), D (QM), .Q (Q)); Always start at @ (posedge clk, neggeous reset_n) (Reset_n == 0) Q & lt; = 0; Other questions & lt; = D; Edit End: The problem is what we are asking to do: In this section, you apply the memory / registration circuit on the AlterEdie 2 board. will do. The circuit has the following specifications: The present value of swift SW15-0 on the D2 board should be shown in four hexadecimal four sections of HEX3-0. This part of the circuit will be combination logic. To use an active-less asynchronous reset and KEY1 to use KEY0 as the clock input, you must store SW15-0in in a 16-bit register in the value The register should be enabled to have a 16-bit positive edge, which uses the embedded D flip-flo
Read more

jasper reports - How to center align barcode using jasperreports and barcode4j -

I use iReport 5.5.0 . How to align a barcode component to the center The relevant piece of my jrxml is below & Lt; JR: Code 128 xmlns: JR = "http://jasperreports.sourceforge.net/jasperreports/components" xsi: schemaLocation = "http://jasperreports.sourceforge.net/jasperreports/components http: //jasperreports.sourceforge Purge / xsd / components.xsd "textPosition =" bottom "& gt; & Lt; Jr: codeExpression & gt; & Lt; [CDATA [$ F {number}]] & gt; & Lt; / Jr: codeExpression & gt; & Lt; / Jr: Code 128 & gt; & Lt; / componentElement & gt; "Text" itemprop = "text"> Create a style after this, it is called "barcode", like: & lt; Style name = "barcode" fontName = "Helvetica" fONTSIZE = "10" hAlign = "center" valign = "center" /> and set the property of your barcode element to "barcode".
Read more

c# - ASP.NET MVC - Attaching an entity of type 'MODELNAME' failed because another entity of the same type already has the same primary key value -

In brief, the wrapper module is inserted during posting and the status of an entry is changed to 'modified' . Before changing the state, the state is set to 'separate', but calling attachments () causes the same error to be thrown away. I am using EF 6. Model / wrapper class public class avi model {public A is a {get; Set; } Public listing & lt; B & gt; B {received; Set; } Public cc {receipt; Set; }} Administrator edit public functioning (int? id) {if (id == null) {new HttpStatusCodeResult (HttpStatusCode.BadRequest); } If (! Conveyor Access (id.Value)) new HTTPTitus code result (HTTP status code. Forbidden); Var aViewModel = new AViewModel (); aViewModel.A = db.As.Find (id); If (aViewModel.Receipt == zero) {return HttpNotFound (); } aViewModel.b = db.Bs.Where (x => x.aid == id.Value) .Oolist (); AViewModel.Vendor = db.Cs.Where (x => x.cid == aViewModel.a.cID) .FirstOrDefault (); See Return (aViewModel); } [HTPFost] [Valid AntitiferousTeacon
Read more