Answer the question
In order to leave comments, you need to log in
K
K
Kefir2014-08-06 18:39:01
Kefir, 2014-08-06 18:39:01
Where to store encryption keys for the server?
Hello!
The server part of a mobile application on .net is being developed and the question arose: how to encrypt user data on the server so securely that no one except the server (ideally) could decrypt them? That is, if the admin gets access to the server that works with the storage, could not get the decrypted data, and so that the developer, having received the dumps from the storage, could not decrypt them either?
Well, it will be absolutely fine if these two, having entered into an agreement, cannot decrypt the dump from the repository in any way.
As I understand it, for this the encryption key will have to be stored on some other server (3d-party), plus configure server authentication (probably by certificate).
The server is a virtual machine, so, unfortunately, you can’t plug any piece of hardware into it.
1 answer(s)
@plasticmirror
P
plasticmirror, 2014-08-06 @plasticmirror
store the private key in the mobile app, no?
the server room will store encrypted bytes + (possibly) meta-info
ps . if the code can get the decrypted data - it doesn't matter how - then the admin + developer will obviously merge them into one or two.
Similar questions
S
I
S
A
4
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question