Two way DB encryption secure even from the Admin

陌清茗 2021-02-04 11:06

I have an interesting encryption problem at hand. I do not know if it can be solved but here goes:

A database is to contain sensitive user information. As such, the user

2 answers
  •  情话喂你
    2021-02-04 11:33

    What you want is a recovery agent. Encrypt all data twice: once with the user key, once with the recovery agent (public) key; at least the latter one needs to be asymmetric. Keep the recovery agent key in a physical safe, with a formal access protocol (e.g. four eyes principle). Usually, the administrator cannot access the encrypted data, but if the user loses the key, and recovery is authorized, then the recovery key is obtained.

    There are also ways to encrypt the recovery agent's key so that m-out-of-n people have to agree to use it.

    Edit: One implementation strategy is to encrypt everything twice. Alternatively, for each data set that needs to be recoverable independently, create a fresh symmetric key, and encrypt only that key twice; the original data get encrypted only with the session key. That approach can extend to multiple independent readers; it requires asymmetric keys per reader (so that you can encrypt the session key with the public keys of all readers - one being the recovery agent).

    I copied the terminology from Microsoft's Encrypting File System, which has that scheme implemented.
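Added example (my own code, not from the answer above and not Microsoft's EFS implementation) showing the "edit" variant of the scheme: each record gets a fresh random AES-256-GCM data key, and only that key is wrapped, once under the user's RSA public key and once under the recovery agent's RSA public key (RSA-OAEP). The database stores just the ciphertext and the wrapped keys, so a DBA with full table access but neither private key gets nothing. The names `ReaderKeys`, `Envelope`, `GenerateReaderKey`, `Seal` and `Open` are my own, and the m-out-of-n split of the recovery key mentioned in the answer is left out (it would be applied to the recovery agent's private key, not to the records):

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// ReaderKeys maps a reader label ("user", "recovery-agent", ...) to that
// reader's RSA public key. Only public keys are needed to write a record.
type ReaderKeys map[string]*rsa.PublicKey

// Envelope is what the database stores for one record: the AES-GCM
// ciphertext and the per-record data key wrapped once per reader. Holding
// only this struct (the admin's view) is not enough to recover plaintext.
type Envelope struct {
	Nonce       []byte
	Ciphertext  []byte
	WrappedKeys map[string][]byte
}

// GenerateReaderKey creates an RSA key pair for one reader (helper for the
// demo; the recovery agent's private key would live offline, not on the host).
func GenerateReaderKey(bits int) (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, bits)
}

// Seal encrypts plaintext under a fresh random 32-byte data key and wraps
// that key with RSA-OAEP for every reader. The reader label doubles as the
// OAEP label, so a wrapped key cannot be moved into another reader's slot.
func Seal(plaintext []byte, readers ReaderKeys) (*Envelope, error) {
	if len(readers) == 0 {
		return nil, errors.New("at least one reader key is required")
	}
	dataKey := make([]byte, 32)
	if _, err := rand.Read(dataKey); err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(dataKey)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	env := &Envelope{
		Nonce:       nonce,
		Ciphertext:  gcm.Seal(nil, nonce, plaintext, nil),
		WrappedKeys: make(map[string][]byte, len(readers)),
	}
	for label, pub := range readers {
		wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, dataKey, []byte(label))
		if err != nil {
			return nil, err
		}
		env.WrappedKeys[label] = wrapped
	}
	return env, nil
}

// Open unwraps the data key with one reader's private key and decrypts the
// record. The user does this with their own key; the recovery agent does it
// with the key from the safe. Any other key, or a tampered record, fails.
func Open(env *Envelope, label string, priv *rsa.PrivateKey) ([]byte, error) {
	wrapped, ok := env.WrappedKeys[label]
	if !ok {
		return nil, errors.New("no wrapped key for reader " + label)
	}
	dataKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, wrapped, []byte(label))
	if err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(dataKey)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, env.Nonce, env.Ciphertext, nil)
}

func main() {
	user, _ := GenerateReaderKey(2048)
	agent, _ := GenerateReaderKey(2048)
	// Constructed sample record; not real data.
	env, err := Seal([]byte("constructed sample: SSN 000-00-0000"),
		ReaderKeys{"user": &user.PublicKey, "recovery-agent": &agent.PublicKey})
	if err != nil {
		panic(err)
	}
	pt, _ := Open(env, "user", user)
	fmt.Println("user reads:", string(pt))
	pt, _ = Open(env, "recovery-agent", agent)
	fmt.Println("recovery agent reads:", string(pt))
	_, err = Open(env, "user", agent) // wrong private key for that slot
	fmt.Println("key in wrong slot:", err)
}
```

Adding a third reader is one more entry in `ReaderKeys`; rotating the recovery agent key means re-wrapping only the 32-byte data keys, not re-encrypting the records. What keeps the admin out is operational, not cryptographic: the recovery agent's private key must never be deployed to the database host, and GCM's authentication tag means a record modified in the table is rejected rather than silently decrypted.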
