I know there are a few topics about this, but I still would like to hear your opinion. I'm creating a website that is going to send some messages around the network. Those messages will be encrypted by a private/public-key encryption.
Now, since my server is going to send a lot of those messages, I'm going to need access to the private key a lot. This private key is currently located on the server as a file. However this is not something that is required.
Now, if no-one is able to enter my server, there is no problem at all. But what if someone gets access to my server? They can just take the pr开发者_如何学Goivate key file and my security is breached.
I'm not able to use a hardware solution for this problem.
What are my options?
Now, since my server is going to send a lot of those messages....
If you really only need to send messages to other participants, you only need their public key stored on your server. No danger there.
If you intend to sign / decrypt messages sent to you however you must think about a secure private key storage solution.
Now, if no-one is able to enter my server, there is no problem at all. But what if someone gets access to my server? They can just take the private key file and my security is breached.
You will always have one single point of failure, one piece of code that has to know your private key / the secret to access the private key, etc. But this problem does not come from public / private key encryption but rather the system itself. At one point you always have to process the unencrypted message regardless of the underlying protocol.
If they have the key, and they know what to do with it (where & how it applies to your messages), then yes, you're completely compromised. But, let's face it, that's always the case when someone has rooted your server.
A better approach might be: How can I prevent common hacks, like a man-in-the-middle attack, from compromising security?
I would say:
- Transmit the messages over SSL (If you're using HTTP/HTTPS protocol).
- Obfuscate the code that provides the encode/decoding functionality. This will make your hash harder to decode if someone does get the key. If you're not encoding the key and/or message on the server, and decoding on the client - that may be something to look into depending on your requirments
- On the network the messages are being transmitted, use a network tool to monitor traffic (i.e. snort). Intrusion detection could tell you when someone is up to something.
Just a start...
As it is mentioned earlier, you will always have single point of failure. However, talking about private key storage solutions, you can check Vault project which stores your secrets - private keys in encrypted form. It provides access control policies, audit log and other features.
精彩评论