What principle of data encryption should be used in the database?

A

Alexander Diunov2014-12-27 13:16:20

Database design

Alexander Diunov, 2014-12-27 13:16:20

The task is to encrypt user data in such a way that even having access to the database it would be impossible to read the data. On the other hand, it is necessary to provide for the possibility when the user has forgotten or lost his encryption key and needs to restore the data, i.e. somehow duplicate this key or something like that.
How, from a theoretical point of view, is it better to implement this?

Reply

Answer the question

In order to leave comments, you need to log in

3 answer(s)

X

xmoonlight, 2014-12-27
@xmoonlight

"Get to the base" - can look in this direction?
Wrapper: APP[host1]->wrapper[host2]->DB[host3]?

A

Andrew, 2014-12-27
@OLS

Deposit all user keys with asymmetric encryption on a public master key.
Keep the private key (preferably 2 copies of it) on a medium that you connect only to a device that does not have Internet access and is used only to decrypt "forgotten" user keys (transfer in both directions via a USB flash drive).
If the system is serious, then private key carriers can be stored in safe deposit boxes - it is inexpensive for objects of this volume.
The greatest risk in this case is the substitution of your public master key with an attacker's key (man-in-the-middle).

S

Spetros, 2014-12-27
@Spetros

How, from a theoretical point of view, is it better to implement this?

Encrypt the duplicate with some master key.