I have a database with encrypted information, and want to encrypt each entry with a different key. Then I want to store the encrypted keys in another database. I know I have to encrypt the keys before storing them, but how? My understanding of the process is like this:
1. Encrypt the original data with a secure key, then store the encrypted data
2. Encrypt the key with a new secure key, then store the encrypted key
3. Goto 2
How do I avoid this infinite loop and maintain security?
Edit: The answers there do not address my problem because: (1-2) I don't have access to external hardware, and more importantly I want to store the encrypted keys in another database. (3-4) I don't want to be logged in in order for others to access their data. (5-7) These don't mention encryption at all.
Edit: To further elaborate, I want to implement PCI DSS requirement 3.5.3's first method of storage:
Store secret and private keys in one (or more) of the following forms at all times:
- Encrypted with a key-encrypting key that is at least as strong as the data-encrypting key, and that is stored separately from the data-encrypting key
- Within a secure cryptographic device (such as a hardware (host) security module (HSM) or PTS-approved point-of-interaction device)
- As at least two full-length key components or key shares, in accordance with an industry accepted method
Edit: Answer in the comments. Replace step 3 above with:
- Get a password from the user. Transform it into an encryption key with the most current PBKDF series. Encrypt the key from step 2 with the PBKDF key, then discard the PBKDF key.
If you have access to an HSM or TPM, you can also store the key there.
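The scheme the question settles on (a fresh data key per row, wrapped under a password-derived key that is never stored), as an added example that is not part of the original post. It assumes the third-party `cryptography` package, AES-256-GCM for both layers, PBKDF2-HMAC-SHA256 as the PBKDF, and two dicts standing in for the two databases; all function names are hypothetical.

```python
import os
from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.ciphers.aead import AESGCM
from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMAC

ITERATIONS = 600_000  # assumption: tune to current guidance and your hardware


def derive_kek(password: str, salt: bytes) -> bytes:
    """Derive the key-encrypting key from the user's password; it is never stored."""
    kdf = PBKDF2HMAC(algorithm=hashes.SHA256(), length=32, salt=salt,
                     iterations=ITERATIONS)
    return kdf.derive(password.encode())


def seal(key: bytes, plaintext: bytes, aad: bytes) -> bytes:
    nonce = os.urandom(12)  # fresh nonce per encryption, stored with the ciphertext
    return nonce + AESGCM(key).encrypt(nonce, plaintext, aad)


def unseal(key: bytes, blob: bytes, aad: bytes) -> bytes:
    # Raises InvalidTag on a wrong key or if ciphertext/aad were altered.
    return AESGCM(key).decrypt(blob[:12], blob[12:], aad)


def store_row(data_db, key_db, row_id, plaintext, password):
    dek = AESGCM.generate_key(bit_length=256)        # step 1: one data key per row
    data_db[row_id] = seal(dek, plaintext, row_id.encode())
    salt = os.urandom(16)
    kek = derive_kek(password, salt)                 # replacement step 3
    key_db[row_id] = (salt, seal(kek, dek, row_id.encode()))
    # Only the salt and the wrapped key are persisted; dek and kek are dropped.


def load_row(data_db, key_db, row_id, password):
    salt, wrapped = key_db[row_id]
    dek = unseal(derive_kek(password, salt), wrapped, row_id.encode())
    return unseal(dek, data_db[row_id], row_id.encode())


if __name__ == "__main__":
    data_db, key_db = {}, {}  # constructed stand-ins for the two databases
    store_row(data_db, key_db, "row-1", b"constructed sample record", "alice passphrase")
    print(load_row(data_db, key_db, "row-1", "alice passphrase"))
    try:
        load_row(data_db, key_db, "row-1", "wrong passphrase")
    except InvalidTag:
        print("wrong password: key unwrap rejected")
```

The loop ends because the last key in the chain is recomputed from the password on each access rather than stored. Binding the row id as associated data means a wrapped key copied onto another row fails to unwrap.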
And I'm encrypting each entry with a different key so that I can give the keys to different people and each person access only the data in their rows.
– Miryafa May 23 '16 at 19:02
debug level or whatever, and require the several keys to be XOR'ed together to work. Wouldn't call it security, but it may help – Neil Smithline May 23 '16 at 19:51