1

I have a database with encrypted information, and want to encrypt each entry with a different key. Then I want to store the encrypted keys in another database. I know I have to encrypt the keys before storing them, but how? My understanding of the process is like this:

  1. Encrypt the original data with a secure key, then store the encrypted data
  2. Encrypt the key with a new secure key, then store the encrypted key
  3. Goto 2

How do I avoid this infinite loop and maintain security?

Edit: The answers there do not address my problem because: (1-2) I don't have access to external hardware, and more importantly I want to store the encrypted keys in another database. (3-4) I don't want to be logged in in order for others to access their data. (5-7) These don't mention encryption at all.

Edit: To further elaborate, I want to implement PCI DSS requirement 3.5.3's first method of storage:

Store secret and private keys in one (or more) of the following forms at all times:

  • Encrypted with a key-encrypting key that is at least as strong as the data-encrypting key, and that is stored separately from the data-encrypting key
  • Within a secure cryptographic device (such as a hardware (host) security module (HSM) or PTS-approved point-of-interaction device)
  • As at least two full-length key components or key shares, in accordance with an industry accepted method

Edit: Answer in the comments. Replace step 3 above with:

  1. Get a password from the user. Transform it into an encryption key with the most current PBKDF series. Encrypt the key from step 2 with the PBKDF key, then discard the PBKDF key.

If you have access to an HSM or TPM, you can also store the key there.

Miryafa
  • 11
  • 3
  • That question doesn't answer mine, because (1-2) I don't have access to external hardware, (3-4) I don't want to be logged in in order for others to access their data, and (5-7) don't mention encryption at all. And I'm encrypting each entry with a different key so that I can give the keys to different people and each person access only the data in their rows. – Miryafa May 23 '16 at 19:02
  • Whoops, forgot to add @A.Darwin – Miryafa May 23 '16 at 19:08
  • 3
    The accepted answer to that question has a collection of solutions, some of which seem applicable to your situation – Neil Smithline May 23 '16 at 19:14
  • @NeilSmithline It might seem that way, but they aren't for the reasons I put in the previous comment. – Miryafa May 23 '16 at 19:41
  • 3
    Yes. The only way to avoid the infinite loop is to store a key in plain text. That key can be in an HSM, another computer, a TPM, or someone's brain (eg: a password). Sorry that there isn't a better answer, there just isn't. – Neil Smithline May 23 '16 at 19:47
  • You can try to hide/obfuscate the key. Store it in several database fields with names like `debug level` or whatever, and require the several keys to be XOR'ed together to work. Wouldn't call it security, but it may help – Neil Smithline May 23 '16 at 19:51
  • @NeilSmithline If there isn't a better answer, how does anyone implement NIST/PCI standards or OWASP suggestions? – Miryafa May 23 '16 at 21:30
  • Let us [continue this discussion in chat](http://chat.stackexchange.com/rooms/40193/discussion-between-miryafa-and-neil-smithline). – Miryafa May 23 '16 at 21:39

0 Answers0