
I have a desktop application written in Python. The application connects to an external SAP HANA service and pulls data. There are a couple of configuration files where several connection strings are stored unencrypted as of now.

I want to encrypt the config files so that they get decrypted when the user logs in. I checked a few libraries like encrypted-config, but my requirement doesn't fit there.

My plan is as below:

  1. The configuration file is encrypted using an encryption key, CK.
  2. CK is stored on another server, encrypted with the user's password hash.
  3. When the user logs into the application, the password hash is calculated and the application connects to the key server, decrypts CK, stores it in a cache, and decrypts the config file.
  4. Pull data from SAP.

I don't know how reliable this approach is, but there are a few challenges:

  1. If CK is encrypted with the user's password hash, I need to keep a separate copy of CK for each user.
  2. I want to implement key rotation, and in that case problem 1 above becomes even more tricky.

**Edited:** This key server is not specifically used for key management. I have just named another remote server as the key server; the keys would be stored there encrypted, either in a database or in a file.

Please advise.

RPK

1 Answer

The question is making incorrect assumptions on some of the details. For example, it says to calculate a password hash, and it looks like it is assuming the hash is used as the cryptographic key to encrypt/decrypt the key on the key server. But that's not normally how key servers operate.

Key servers have their own encryption mechanism and will encrypt all their keys with their own key (usually called something like the "master key" or "Key Encrypting Key (KEK)"). When you connect to the key server with a password, the server will authenticate your username/password combination. You will then request access to a specific key name or key identity, and if you're authorized it will grant you access. Depending on the server's configuration and your request, it may export the key to you so you can use it to encrypt and decrypt, or it may provide encryption/decryption services to you.

The key server's job is to securely store the keys and to perform key lifecycle management functions (key generation, key destruction, etc.). A key server may provide key rotation functionality; but because there are no cryptographic standards for key rotation or key versioning, the implementations will be server dependent.

John Deters
  • Sorry for the confusion. I should have clarified this in my post. It is not a Key Server, which usually is used for Key Management. I have just named another remote server as Key Server, where the Key would be stored encrypted either in a database or in a file. I am correcting the original post. – RPK Mar 03 '20 at 03:55
  • What I'm suggesting is that you look at how a real key server works, and consider mimicking that. They are architected to be secure. Otherwise there are many things you should change in your original proposal to strengthen it and make key rotation possible. – John Deters Mar 03 '20 at 15:30
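As an added illustration of the pattern the answer describes (not code from the question, the answer, or any product): a single config key CK is wrapped under the server's own KEK rather than under each user's password hash, the server authenticates the user before releasing CK, and rotating the KEK only re-wraps CK without rewriting any config file. It assumes the `cryptography` package; `KeyStore`, `store`, `fetch`, `rotate_kek`, the sample user and the sample config line are all hypothetical.

```python
import hmac
import json
import os
from cryptography.hazmat.primitives.ciphers.aead import AESGCM


class KeyStore:
    """Hypothetical stand-in for the remote 'key server' from the question.
    Holds the KEK (master key) and releases CK only after authenticating."""

    def __init__(self, users):
        self._kek = AESGCM.generate_key(bit_length=256)  # server's own KEK
        self._users = users            # username -> password (constructed)
        self._wrapped = {}             # key_id -> (nonce, CK wrapped under KEK)

    def store(self, key_id, ck):
        nonce = os.urandom(12)
        ct = AESGCM(self._kek).encrypt(nonce, ck, key_id.encode())
        self._wrapped[key_id] = (nonce, ct)

    def fetch(self, user, password, key_id):
        # A real server would verify a stored password hash; the point here is
        # that the password only authenticates, it never becomes the key.
        if not hmac.compare_digest(self._users.get(user, ""), password):
            raise PermissionError("authentication failed")
        nonce, ct = self._wrapped[key_id]
        return AESGCM(self._kek).decrypt(nonce, ct, key_id.encode())

    def rotate_kek(self):
        """Re-wrap every CK under a fresh KEK; encrypted config files stay as-is."""
        new_kek, rewrapped = AESGCM.generate_key(bit_length=256), {}
        for key_id, (nonce, ct) in self._wrapped.items():
            ck = AESGCM(self._kek).decrypt(nonce, ct, key_id.encode())
            n = os.urandom(12)
            rewrapped[key_id] = (n, AESGCM(new_kek).encrypt(n, ck, key_id.encode()))
        self._kek, self._wrapped = new_kek, rewrapped


def encrypt_config(ck, key_id, plaintext):
    """Encrypt a config file; the key_id header says which CK decrypts it."""
    nonce = os.urandom(12)
    ct = AESGCM(ck).encrypt(nonce, plaintext, key_id.encode())
    return json.dumps({"key_id": key_id, "nonce": nonce.hex(), "ct": ct.hex()})


def decrypt_config(store, user, password, blob):
    d = json.loads(blob)
    ck = store.fetch(user, password, d["key_id"])  # one CK, no per-user copies
    return AESGCM(ck).decrypt(bytes.fromhex(d["nonce"]), bytes.fromhex(d["ct"]),
                              d["key_id"].encode())


def demo():
    store = KeyStore({"alice": "correct horse"})       # constructed sample user
    ck = AESGCM.generate_key(bit_length=256)
    store.store("config-v1", ck)
    blob = encrypt_config(ck, "config-v1", b"hana.host=example;hana.user=svc")
    store.rotate_kek()  # KEK rotation leaves blob untouched and still decryptable
    return decrypt_config(store, "alice", "correct horse", blob)
```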