Answer the question
In order to leave comments, you need to log in
What principle of data encryption should be used in the database?
The task is to encrypt user data in such a way that even having access to the database it would be impossible to read the data. On the other hand, it is necessary to provide for the possibility when the user has forgotten or lost his encryption key and needs to restore the data, i.e. somehow duplicate this key or something like that.
How, from a theoretical point of view, is it better to implement this?
Answer the question
In order to leave comments, you need to log in
"Get to the base" - can look in this direction?
Wrapper: APP[host1]->wrapper[host2]->DB[host3]?
Deposit all user keys with asymmetric encryption on a public master key.
Keep the private key (preferably 2 copies of it) on a medium that you connect only to a device that does not have Internet access and is used only to decrypt "forgotten" user keys (transfer in both directions via a USB flash drive).
If the system is serious, then private key carriers can be stored in safe deposit boxes - it is inexpensive for objects of this volume.
The greatest risk in this case is the substitution of your public master key with an attacker's key (man-in-the-middle).
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question