What is the best place to save the encoding key?

O

Oblomingo2015-02-26 11:52:58

Information Security

Oblomingo, 2015-02-26 11:52:58

Good day,
In the project (.NET) there is a key for encoding / decoding data as a string. Now it's just written in code.
This option is not very good because if the code falls into the hands of a third party, then the data during the exchange can be intercepted and decrypted.
As option to store the data in a database. What are the pros and cons of such storage?
What other options for storing security-critical information do you know?

Reply

Answer the question

In order to leave comments, you need to log in

2 answer(s)

V

Vladimir Martyanov, 2015-02-26
@vilgeforce

The DB is not an option: the bad guy can impersonate the application and get the data from the DB. Or he can yank them out of a running application.

N

Nikolai Korabelnikov, 2015-02-26
@nmk2002

The best way to save the encryption key is HSM (Hardware Security Module).
Moreover, key generation should also take place inside the HSM.
The essence of HSM is the non-recovery of the key. All decryption operations using this key will be performed only inside the HSM. Thus, the encryption key will not be available even in the RAM of the server on which the database is running.
If you are interested in details, please contact.