How to organize the storage of encrypted data?

A

Anton Ivanov2017-01-25 15:51:33

Encryption

Anton Ivanov, 2017-01-25 15:51:33

Hello.
I'm starting to develop a project that will involve important data, the leakage of which threatens the courts and others.
I want advice on how to organize the encryption of this data.
I plan to encrypt data with something like AES256, the question is how to store the key? If in a file, then the person who has access to the server will, it turns out, also have access to the data? You can, of course, delimit access rights based on users, but will this help?
I apologize if the questions are noob, I am writing a project with encryption for the first time. Tell me, or give a link to an article (possible in English), where this issue is discussed in detail.
Thank you.

Reply

Answer the question

In order to leave comments, you need to log in

3 answer(s)

A

Andrew, 2017-01-25
@OLS

Generate a key on a laptop disconnected from the Internet, make 2 backup copies, and for work, write it to the token in a non-recoverable mode, overwrite the laptop. Use the token only on the client machine(s), store only encrypted data on the server.

S

Sergey, 2017-01-25
@feanor7

If your task is an organization, then why not look towards ready-made information security facilities (information security tools). There are many developments both in 152-FZ and in protecting state authorities. secrets. It provides for a lot, from accessing a PC and unlocking it by swiping cards, to encrypting data inside containers.
If you just need to implement storage, I use Boxcryptor to provide data to several people.