Answer the question
In order to leave comments, you need to log in
Encryption in the database on the server?
Please tell me how to solve the problem.
In general, there is a service (something similar to an online store) in which users and managers are registered. So the task is this: users save their personal data on the server and managers can view them. It is necessary to encrypt these personal data so that only the user and a group of managers can read them.
Each user and manager has their own passwords, which are hashed with a salt and stored in the database.
In general, I'm struggling with the algorithm for two days, I even asked a question on stackoverflow . Despite my bad English, someone even understood me :)
Answer the question
In order to leave comments, you need to log in
If the set of managers is fixed from the moment the data is encrypted by the user, then the problem is solved trivially, the scheme will be similar to PGP.
We will store a public-private key pair in the database for each user and manager, and each private key will be encrypted on the derivative of the password entered by the user in the web interface (this is already implemented in the standard).
If managers can be added during the game, then it is somewhat more complicated:
Option number 0: we will generate 100 keys in advance. It’s redundant, and you’ll have to take a steam bath with changing passwords, but it’s easy.
Option number 1: one private key for all managers and an intermediate code that can access the password of this private key, and which itself decrypts the data and sends it to the web interface.
Nothing needs to be encrypted. It is necessary to give data to whom it is necessary, and not to everyone.
And you can’t just make the role of viewing certain data and simply not show the data to managers, for lack of access to it. And whoever has access (by default the user himself + the role of access to user data for some managers) can see the data. And you don't need to encrypt anything.
It seems I came up with, though there is redundancy.
So:
1. For each user, based on his password (PC), a public key is generated
2. For a group of managers, based on a master password (PC), a public key is also generated
3. The user encrypts the data with his own and manager's public key. Both options are stored in base
4. Now, when the user needs to read the data, he enters his password (PC) and decrypts his half.
5. Also, the manager enters his master password (PC) and decrypts his half.
6. Well, the manager, changing the data, encrypts them with his own and user's public key.
Missed nothing? Won't crypto-resistance fall due to duplication of data encrypted with two public keys?
I don't understand why you need to encrypt. Setting up access control in the application is not enough?
I'll put in my 5 cents.
The technical variant of protection was well described above. But any information security specialist will tell you that in most cases such databases are leaked not through hacking, but through employees who have access to them.
There is no and cannot be a 100% solution here, but you can minimize the risks as much as possible. Recipe:
- separation of access, providing access not to the entire array of information, but only to the part that is needed immediately (NO common passwords)
- logging - any access to sensitive data should be logged
- monitoring - any suspicious activity should be " turn on the siren"
- audit - analysis of logs
Plus legal support - managers must sign an NDA.
In case a leak does occur, you need to be able to identify the source of the leak from the leaked data. How exactly - consult with information security specialists.
PS If the above is expensive/difficult for you, don't bother with encryption either.
And yet, you need to understand that by encrypting data in the database, without taking special measures, you lose the ability to search, sort by stored data. Do you need a database in this case?
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question