Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Storing RSA private key in file

Tags:

c#

rsa

encryption

aes

I have a simple encryption application where I will be encrypting "sensitive" data in a database. Only the people who have access rights can see these data in decrypted form. I have been looking around for more information on how to do that and here is my project approach:

  1. I am using AES encryption algorithm.
  2. Generate an AES key with RNGCryptoServiceProvider. Encrypt info with AES key.
  3. Encrypt the AES key with and RSA public key.
  4. Store the private key in a USB file, which I will only give to the people who can have the access rights.
  5. When a rightful person needs to see the decrypted information, they will provide the private key. The app uses the private key to decrypt the AES key, which in turns decrypts the information.

Now, my question is how can I safely store that private key? From what I have been reading, I can obtain the private key using FromXMLString. But, I was thinking that if someone somehow gets the USB file and the XMLFile, he can find the private key by using the FromXMLString similarly. So, how can I protect that file, for example, by using a passphrase? Is there any function in c# i can use for that?

Also, if I change the key pairs, I have to change the public key and re-encrypt the AES key again with the fresh new public key. For that, I found this post How to Generate Unique Public and Private Key via RSA to be quite useful. But, something I am not sure about how the author implemented it. Does he also store the key container name in the private key file? Or the ToXMLString automatically does that?

Thanks~

like image 530
coffeeak Avatar asked Dec 19 '12 07:12

coffeeak

People also ask

How do I save private key in file?

Save your private key: Under "Actions", next to "Save the generated key", click Save private key. Note: If you didn't passphrase-protect your private key, the utility will ask whether you're sure you want to save it without a passphrase.

How do I store my private key?

A CA's private key should be stored in hardware-based protection, such as a Hardware Security Module (HSM). This provides tamper-resistant secure storage. A Private key for an end entity could be stored in a Trusted Platform Module (TPM) chip or a USB tamper-resistant security token.

What do I do with my RSA private key?

The RSA private key is used to generate digital signatures, and the RSA public key is used to verify digital signatures. The RSA public key is also used for key encryption of DES or AES DATA keys and the RSA private key for key recovery.

1 Answers

Somehow, somewhere the decryption key or the RSA key to get the decryption key has to be kept as plain text. If it's not rather be a USB drive, it has to be in a user's head.

So something that you can do is to have multi-factor authentication. A password which only the user knows (He'll keep it in his head or write it down on a sticky note; not your call) and the USB drive which contains the other decryption key.

So an attacker will have to have both the password and the USB drive to get to the encrypted information.

Have a look on PBKDF2 on how to derive a cryptographically secure key from a password the user enters.

like image 120
Ranhiru Jude Cooray Avatar answered Sep 19 '22 14:09

Ranhiru Jude Cooray
Sign in to Comment

Related questions

How to pause and resume a BackgroundWorker?
WPF - binding to an explicitly implemented interface property from code behind/attached behaviour
Posting a collection of subclasses
Get window width / height in Windows store apps
How to load all files in a folder with XNA?
Information on Casted C# Reference Types in Memory
Should I implement IDisposable for a class containing a Thread
Mocking foreach loop with Moq
Marshal.SizeOf structure returns excessive number
Pinning Array of .NET objects
Group a List based on uniqueness
Hide cell in new row in WPF Datagrid
Call method from a specific thread
Dynamically add nested property to ExpandoObject
Json.NET - Throwing Exception in a property setter during deserialization
Is it possible to create a string that's not reference-equal to any other string?
Define a Generic List property in a static class
C# Threading: Exercises for beginners
Using HttpClient Class with WinRT
Best .NET Array/List

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!