Encrypting user data on App Engine

Question

I'm writing a web and Android app that allows users to store and access some potentially private data. The transmission of this data over RPC is already protected with SSL. I'm currently storing this piece of data in a Text property, without any encryption. I'm now looking at ways to better protect the storage of the data.

Question 1: Are there any general best practices or tips for encrypting data for storage on App Engine?

One idea I had was to switch the property to a Blob field, transmit only encrypted data over the wire, and do decryption and encryption in the clients (in Javascript and on Android).

For the encryption key, I'm looking at just using the logged-in user's email address provided by the UserService. The user email address is known only when the user is logged in, and the sensitive entity has no reference to the user's email address — only the user ID.

Question 2: Does the user email address make sense as an encryption key? If not, what are other well-known options for encryption keys?

Answer 1

I'm not sure you get a ton of benefit from this. Transmitting the data over SSL is certainly a good idea. If you store the user data unencrypted, someone still has to obtain access to your datastore before they can hijack anything. If you encrypt the data based on properties of the user object, you have to expose that relationship in the client-side encryption/decryption code, so that's essentially public. Someone who obtains access to your datastore and your App Engine source can still decrypt everything, it's just trickier.

One alternative would be to store your encryption key server-side, but take some additional steps to protect it. Permanently prohibit code downloads. Keep your encryption key in source, not in the datastore, but not in source control. Stick it on a USB key, and write a custom deployment wrapper that injects the key into your code at the last minute, deploys, and then scrubs the code. This way, someone who obtains admin rights to your app and access to source control still can't decrypt user data. Your deployment machine is still vulnerable, but you've reduced the attack space.

If you want to go a step further, have users generate their own encryption keys, and store them client-side. Never transmit them to the server. An attacker could still target one user, but no one, including you, would be able to decrypt user data en masse. If users lose their self-selected key, their data is lost forever.