问题描述
我计划使用MySQL,并且内置加密功能来加密/解密某些表中的某些列。我所关心的是我需要将密钥存储在某个地方。我可以将密钥存储在文件中,并控制该文件的权限以及访问该文件的应用程序的权限,但这是否足够?我也可以创建一个网络服务来获取关键或某些东西。我在一个小商店,我将是唯一一个(可能是另一个人)可以访问应用程序所在的机器。 编辑:我应该补充说,除了添加了一个层次之外,还有一个面向Web应用程序的Web需要解密数据。
我已经看到恶心,但没有人似乎有一个防弹的答案。
这些问题之一是你必须解决好的问题?鉴于我使用MySQL和PHP(可能是Python)有没有更好的方法来解决这个问题?
我不是确保如果使用MySQL构建加密将是您的问题的最佳解决方案。
PHP的包被认为是相当不错的,它使您灵活选择最适合您需求的算法。
将密钥存储在其他服务器上有一个很大的优点:密钥与加密数据不在同一台机器上。因此,只要攻击者对受攻击的机器没有足够的控制权,就无法获得密钥。
如果攻击者完全掌握了存储在数据中的机器,那么他们很有可能会能够查询网络服务的密钥。
然而,将密钥从一台计算机传输到另一台机器打开了一个需要保护的整个新区域。可能涉及更多的密钥和更多的加密层,从而增加错误的机会。
另一个选项是输入密码在网络服务器启动后,只能将其保存在内存中。
可能的解决方案
如果看到使用了以下使用Web访问用户加密文件的方法(我不确定您的环境,但可能有帮助):
- 这个随机密钥存储在用户记录的加密列中。
(只有此列被加密才能影响其余记录的性能! - 随机密钥列的加密用1个主密码进行加密,存储在一个文件或内存中。
(更好的选择是在盯着网络服务器时输入密码,并将其存储在内存中。)
(另一种方法是让用户输入密码并使用它来加密/解密随机密钥列,但是我不知道这是否会增加或减少安全性。) - 需要加密的每个文档都会使用该用户的随机密钥加密,然后存储在磁盘上。
- 文件系统中的权限。
此方法的优点是:
1.随机密钥在数据库中加密。因此,您还可以与加密列结合使用数据库服务器的附加安全性。
2.如果攻击者持有一个密钥,只有部分文件被盗用,文件就会被存储不同的密钥。
但是:
如果攻击者持有主密码并具有对用户表的读取权限,则整个系统再次被破坏。
I plan on using MySQL and it's built-in encryption functionality to encrypt / decrypt certain columns in certain tables. The concern I have is that I need to store the key somewhere. I could certainly store the key in a file and control the permissions of that file and the permissions of the application that accesses it, but is that enough? I could also create a web service to get the key or something.
I am in a small shop where I would be the only one (possibly one other person) that would have access to the machine that the application was on. Edit: I should add that there is a web facing part of this application that would need to decrypt the data unless I added a tier.
I have looked ad nauseum, but no one seems to have a bulletproof answer.
Is this one of those problems where you have to settle for good enough? Given that I am using MySQL and PHP (possibly Python) is there a better way to approach this?
I'm not sure if using MySQL build in encryption would be the best solution to your problem.
PHP's M_CRYPT package is thought to be quite good and it gives you the flexibility to choose the algorithm that is best suited for your needs.
Storing your key on some other server has one big advantage: the key is not on the same machine as the encrypted data. So as long as the attacker does not have enough control over the compromised machine, they cannot get to the key.
If the attacker gains full control of the machine the data is stored on, they most likely will be able to query the web-service for the key.
However, transmitting the key from one machine to another opens up an entire new area that needs to be secured. Probably involving more key's and more encryption layers, thereby increasing the chance of mistakes being made.
The other option is to enter the password upon webserver start up and only keep it in memory.
Possible solution
If seen a solution employed that used the following method for encrypting files for users with web access (I'm not sure of your environment, but it might be helpful):
- Upon user creation, a long random key is assigned to the new user.
- This random key is stored in an encrypted column in the user record.
(only this column is encrypted as to not affect the performance of the rest of the record!) - The encryption of the random-key column is done with 1 master password, stored in a file or in memory.
(The better option is to enter the password upon staring your webserver and only store it in memory.)
(Another approach would be to let the user enter a password and use that to encrypt/decrypt the random-key column, but I'm not sure if that would increase or decrease security) - Every document that needs to be encrypted is encrypted with the random-key for that user and then stored on disk.
- Documents are stored with minimal permissions in the file-system.
The advantages of this approach are:
1. The random-key is encrypted in the database. So you still have the added security of the database-server, in combination with the encrypted column.2. Documents are stored with different keys, if the attacker gets hold of a key, only part of the documents is compromised.
However:
If the attacker gets hold of the master password and has read access to the user-table, the entire system is, once more, broken.
这篇关于在MySQL中使用/存储加密密钥的最佳方法是什么?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!