
Ok, so I've encrypted my data now where do I hide the key?

I have a database that contains sensitive information. I can encrypt / decrypt the data on the read/write operations. The problem is that I need to store the key in the application. If someone has hacked their way in such that they have access to the database, then they can also grab the application (Java), decompile it and pull the key.

This seems like a speed bump at best. What other solutions are available?

Preston asked Jan 22 '09 14:01




1 Answer

The only thing you can do is make it difficult to extract the key from your application. You can't make it impossible. If you give someone a box with contents that you're trying to protect, you have to give them the key if you want them to be able to access the contents. Once you give them the key they can do whatever they want… if they take the trouble of finding the key.

This is a case of Bob and Eve being the same person: you want to give Bob access but stop Eve from seeing it.

This is DRM; it doesn't work.

Francisco Canedo answered Oct 21 '22 21:10
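An added example, not part of the original question or answer: a build-time audit, written in Python, that reads the constant pool of a compiled Java class and flags string constants that decode to an AES-sized key, which is why a key compiled into the application should be treated as readable by anyone who holds the class files. The function names, the hex/Base64 heuristic and the sample class bytes are assumptions constructed for illustration.

```python
import base64, re, struct

# Payload size in bytes (after the tag) of every fixed-size constant-pool entry.
CP_SIZES = {3: 4, 4: 4, 5: 8, 6: 8, 7: 2, 8: 2, 9: 4, 10: 4, 11: 4,
            12: 4, 15: 3, 16: 2, 17: 4, 18: 4, 19: 2, 20: 2}
AES_KEY_LENGTHS = {16, 24, 32}

def utf8_constants(class_bytes):
    """Return every CONSTANT_Utf8 string in a Java class file's constant pool."""
    magic, _minor, _major, count = struct.unpack_from(">IHHH", class_bytes, 0)
    if magic != 0xCAFEBABE:
        raise ValueError("not a Java class file")
    pos, index, found = 10, 1, []
    while index < count:
        tag = class_bytes[pos]
        pos += 1
        if tag == 1:  # CONSTANT_Utf8: u2 length followed by the bytes
            (length,) = struct.unpack_from(">H", class_bytes, pos)
            found.append(class_bytes[pos + 2:pos + 2 + length].decode("utf-8", "replace"))
            pos += 2 + length
        elif tag in CP_SIZES:
            pos += CP_SIZES[tag]
        else:
            raise ValueError(f"unknown constant-pool tag {tag}")
        index += 2 if tag in (5, 6) else 1  # long and double occupy two slots
    return found

def looks_like_key(text):
    """Heuristic (assumption): hex or Base64 text that decodes to 16, 24 or 32 bytes."""
    if re.fullmatch(r"(?:[0-9a-fA-F]{2})+", text):
        return len(text) // 2 in AES_KEY_LENGTHS
    if re.fullmatch(r"[A-Za-z0-9+/]+={0,2}", text) and len(text) % 4 == 0:
        return len(base64.b64decode(text)) in AES_KEY_LENGTHS
    return False

def find_embedded_keys(class_bytes):
    """List the constant-pool strings that look like embedded key material."""
    return [s for s in utf8_constants(class_bytes) if looks_like_key(s)]

def _utf8(s):
    return b"\x01" + struct.pack(">H", len(s)) + s.encode()

# Constructed sample: header and constant pool of a hypothetical class that
# stores a Base64-encoded 32-byte key as a string literal.
SAMPLE_KEY = base64.b64encode(bytes(range(32))).decode()
SAMPLE_CLASS = (struct.pack(">IHHH", 0xCAFEBABE, 0, 52, 6)
                + _utf8("com/example/Db") + b"\x07\x00\x01"
                + _utf8("SECRET") + _utf8(SAMPLE_KEY) + b"\x08\x00\x04")
```

Running `find_embedded_keys` over the class files of your own build output gives a quick check that no key literal has shipped inside the application; a clean result only means no literal matched this heuristic.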