
That is, is it generally considered more secure to save a single application-wide private key on the web server compared to storing (protected/encrypted) private keys in the database?

More specifically, would storing multiple copies of the same private key XORed with different SHA512 hashes (generated using the user's password plus salt) expose either the private key or one of the passwords to some mathematical weakness?

Scenario:

  • Each user has a copy of a Group-wide Private Key that is protected using an XOR of the SHA512 hash of their password plus some salt stored on the web server.
  • After login, the web server uses the salt (a secret not stored in the database) with the user's password to extract the Private Key for that user's group.
  • The web server uses the private key to decrypt the Group's data and returns that to the User along with a session token.
  • Any updates by the user are encrypted on the server using the Group's Public key.
  • New users to the group must be added by an existing member, so that the group's private key can be extracted and again protected using the new user's password.

Simplified view of the database/webserver:

Database:
  TABLE User
    User Id
    Password (Stored as: Algorithm + Salt + Hashed Password)
    Group Id
    Group's Private Key (Stored as: Private Key [xor] Sha512(Password + App Salt))
  TABLE Confidential Data
    Group Id
    Group Public Key
    Group Encrypted Data (blob)

Server:
  Secret store contains: App Salt

Background: For a simple web application running on a PaaS (platform-as-a-service), some confidential info shared with a group of users needs to be encrypted. Please ignore any compliance issues (i.e. not HIPAA or PCI); this is just "best effort" protection in case the database and web server are compromised.

Pros: Even if both the database and web server have data breaches, the confidential data is not immediately useful without first breaking a password from at least one of the users in the group. Also, if there are any application flaws that allow a malicious user to access data from other groups, the data will not be decryptable even by the web server without the Group's Private Key.

Cons: Of course, if the attacker can secretly run code on the web server for any length of time, they can potentially extract all of this data as each client connects. The main value would be protecting against data breaches/leaks as opposed to remote execution.

A similar question did not get an answer. This is also not Shamir's Secret Sharing because each user should be able to view the confidential data in isolation.

James
  • Why share the private-key, instead of using public-key encryption? As a rule of thumb, a private-key should never be shared. – Filipe dos Santos Jan 22 '20 at 16:06
  • @Filipe-dos-Santos Thanks for the response. Any user in the group must be able to decrypt the resource. Public-key encryption can indeed be used to encrypt the data, but how can those users decrypt the data? Are you suggesting that all users should have their own Public/Private keys? (meaning the data would need to be encrypted n-times, once for each user) Even still, wouldn't the keys still be vulnerable in case of a data breach? – James Jan 22 '20 at 19:27
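The wrapping described in the question, beside the offline password guessing it has to withstand once the database and the app salt are both leaked, as an added example that is not part of the original post or of any answer. It assumes a 48-byte PKCS#8 DER-encoded Ed25519 private key (so the 64-byte SHA-512 output covers it; the question does not say how a longer key would be covered), a made-up app salt, made-up user passwords and a small constructed password list. The slow-KDF alternative uses PBKDF2 from the standard library because it is always available; scrypt or Argon2 would be the usual choice. Nothing here is the question's own code.

```python
"""Wrapping a group private key under a user password: the question's
XOR-with-SHA-512 scheme, a KDF-based alternative, and the dictionary
attack an attacker runs against a database dump plus the app salt."""
import hashlib
import hmac
import os

# Constructed sample key: the 48-byte PKCS#8 DER form of an Ed25519 private
# key is a fixed 16-byte ASN.1 header followed by the 32-byte seed.  Every
# real key format (PEM, DER, JWK) has known structure like this, and that is
# all an attacker needs to recognise a correct password guess.
PKCS8_ED25519_PREFIX = bytes.fromhex("302e020100300506032b657004220420")
GROUP_PRIVATE_KEY = PKCS8_ED25519_PREFIX + bytes(range(32))  # demo seed, not random
APP_SALT = b"app-salt-from-server-secret-store"   # assumed value, shared by all users
ITERATIONS = 100_000   # PBKDF2 work factor for the demo; raise it in production


def xor_bytes(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("pad must be exactly as long as the data")
    return bytes(x ^ y for x, y in zip(a, b))


# --- The scheme in the question: Private Key [xor] Sha512(Password + App Salt) ---
def sha512_pad(password: str, salt: bytes, length: int) -> bytes:
    digest = hashlib.sha512(password.encode() + salt).digest()
    if length > len(digest):
        raise ValueError("SHA-512 gives 64 bytes; the question does not say how a longer key is covered")
    return digest[:length]


def wrap_sha512(key: bytes, password: str):
    """Returns (salt, blob) for the User row; the salt is the one app-wide APP_SALT."""
    return APP_SALT, xor_bytes(key, sha512_pad(password, APP_SALT, len(key)))


def unwrap_sha512(blob: bytes, password: str) -> bytes:
    return xor_bytes(blob, sha512_pad(password, APP_SALT, len(blob)))  # XOR is its own inverse


# --- Alternative: per-user random salt, slow KDF, pad sized to the key, integrity tag ---
def pbkdf2_pad(password: str, salt: bytes, length: int) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS, dklen=length)


def wrap_kdf(key: bytes, password: str):
    """Returns (salt, tag + ciphertext).  The KDF output is split into a pad as
    long as the key plus a 32-byte HMAC key, so nothing repeats and a wrong
    password or a tampered row is detected instead of yielding garbage."""
    salt = os.urandom(16)
    km = pbkdf2_pad(password, salt, len(key) + 32)
    ct = xor_bytes(key, km[:len(key)])
    tag = hmac.new(km[len(key):], salt + ct, hashlib.sha256).digest()
    return salt, tag + ct


def unwrap_kdf(salt: bytes, blob: bytes, password: str) -> bytes:
    tag, ct = blob[:32], blob[32:]
    km = pbkdf2_pad(password, salt, len(ct) + 32)
    expected = hmac.new(km[len(ct):], salt + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong password or tampered blob")
    return xor_bytes(ct, km[:len(ct)])


# --- What an attacker does with the dump: the "break one password" step ---
def dictionary_attack(rows, dictionary, pad_for):
    """rows: {user: (salt, ciphertext)} as an attacker sees them.  A hit is
    recognised by the key's fixed header.  Returns the recovered passwords and
    the number of KDF evaluations: one per distinct (guess, salt), so a salt
    shared by every user lets one hash test a guess against the whole table."""
    found, pads = {}, {}
    for guess in dictionary:
        for user, (salt, ct) in rows.items():
            cache_key = (guess, salt, len(ct))
            if cache_key not in pads:
                pads[cache_key] = pad_for(guess, salt, len(ct))
            if xor_bytes(ct, pads[cache_key]).startswith(PKCS8_ED25519_PREFIX):
                found[user] = guess
    return found, len(pads)


DICTIONARY = ["123456", "password", "letmein", "correct horse", "hunter2"]  # constructed


def demo():
    users = {"alice": "hunter2", "bob": "letmein"}  # constructed passwords
    rows_sha = {u: wrap_sha512(GROUP_PRIVATE_KEY, pw) for u, pw in users.items()}
    found_sha, cost_sha = dictionary_attack(rows_sha, DICTIONARY, sha512_pad)
    rows_kdf = {u: wrap_kdf(GROUP_PRIVATE_KEY, pw) for u, pw in users.items()}
    # The attacker strips the tag and XOR-tests the ciphertext exactly as before.
    found_kdf, cost_kdf = dictionary_attack(
        {u: (salt, blob[32:]) for u, (salt, blob) in rows_kdf.items()},
        DICTIONARY, lambda pw, salt, n: pbkdf2_pad(pw, salt, n + 32)[:n])
    return found_sha, cost_sha, found_kdf, cost_kdf


if __name__ == "__main__":
    print(demo())
```

Both schemes give up the key to the same five-word list; the difference is what each guess costs. With one app-wide salt and a single SHA-512, one hash per guess serves every user in the table (five evaluations for two users here), and each evaluation is a single fast digest. With a per-user salt the attacker pays once per guess per user (ten here), and each evaluation is a deliberately slow KDF. So the XOR itself is not the weak point as long as the pad is as long as the key and never reused; the pad derivation is, and the question's note that breaking one member's password unlocks the group means that the group's protection is only as strong as its weakest password under that derivation.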
