I need to design an applicatio开发者_运维知识库n that protects some data in a database against root attack. It means, that even if the aggressor takes control over the machine where data is stored or machine with the application server, he can't read some business critical data from the database. This is a customer's requirement. I'm going to encrypt data with some assymetric algorithm and I need some good ideas, where to store private keys, so that data is secure as well as the application usability was quite comfortable? We can assume, for simplicity, that only one key pair is used.
This is a customer's requirement.
Customer's requirements must be projected onto the real world.
If your application can read some business data, and if the aggresor takes control of your application, then the agressor can read that business data.
Assymetric cryptography won't do magic.
The place to store the private key is with the client, and decrypt it only on the client. The data would need to be at no time decrypted, read or passed through the server in unencrypted form.
I am not sure about the database options, but it's worth to have a look at Oracle Advanced Security(OAS). But, the key is not stored inside the database but in Oracle wallet (OS managed), as far as I can see, compromising this is hard.
OAS supports encryption at tablespace level and at column level. All these, it claims to be performing with no overhead.
Have a look at this question, especially to the resources mentioned in the original question.
I can endorse the book as an excellent overview of the problems in building this kind of systems.
精彩评论