I'm designing a system to hold protected user objects, potentially using their passwords as in this article Encrypting sensitive data in software and storing/decrypting it on a server.

When a user forgets their password, I need a method to reset their password but also recover and re-protect their user object. I want to automate this process using some self-service portal.

I had considered using some asymmetric encryption to additionally encrypt the user object during the original password encryption, where some remote system with access to the private key can recover the data, then allowing the user to specify a new password and re-protect their object.

Are there any existing patterns that could achieve this?

MarcP

1 Answer

What you describe is a common use case in medium to large organizations: users can encrypt their sensitive data, but a copy of the key must be saved (generally in a physical safe) in case they forget their password or are no longer able to decrypt it (death, serious injuries, etc.).

Windows offers an out-of-the-box way where an administrator can be allowed to decrypt an encrypted folder. Other systems can be imagined, with the following pattern:

  • a symmetric key is used to encrypt the data
  • that key is then encrypted with the user password (*) and saved that way. When the user changes their password, the keyfile is decrypted with the old password and re-encrypted with the new one
  • a copy of the symmetric key is securely stored in a physical or logical safe accessible to a security officer (or, even better, procedures could require two different persons to unlock the safe)

(*) More exactly, the user password is used to access the symmetric key, but the key can actually be encrypted with:

  • a hash of the user password
  • a public key of the user (he then uses his private key protected by his password to decrypt)
  • or stored in a password vault

The same variations can be used to store the copy.

Serge Ballesta
  • Ok, that makes sense. I had thought of, rather than a per-user symmetric key, using one asymmetric system public key to easily encrypt the data, with the private key held securely on an HSM elsewhere. Providing there are good physical and logical controls over the HSM, this would facilitate a simpler-to-implement and more secure way of handling this? If one symmetric key is compromised then all assumed are? – MarcP Feb 01 '17 at 08:33
  • @MarcP: I've edited my answer for your comment. – Serge Ballesta Feb 01 '17 at 08:56
  • Thanks. My latest thinking now is to ask the user for three answers to three security questions and then use a combination of the answers to form three responses. These will then be used to create three options for recovering the symmetric key and hence the user object, whereupon the main password can be reset and the user object encrypted again. If the user cannot remember at least some of the security responses, they will need to recreate their user object from scratch. Seem reasonable? – MarcP Feb 01 '17 at 17:13