I'm a noob in the data security area and I'm working on a PoC for an app for managing some files. Now these files might be anything from a leave of absence form to potentially confidential agreements. Being a noob, I did advise my team that we should hire a security expert and/or have a security audit once the PoC is complete.
The problem: I want to store encrypted files in a decentralized manner. I'm using IPFS for that. But since the files are encrypted, I need to store the encryption keys securely.
Current solution: I've implemented envelope encryption of the encryption keys by using Hashicorp Vault and its Transit Engine. So when a file is uploaded by the user, a new encryption key (Data Encryption Key - DEK) is generated, the file is encrypted, and the encryption key is then sent over HTTPS to the machine hosting Vault and encrypted (with a Key Encryption Key - KEK). The DEK wrapped with the KEK is then stored in a central database. I know about the existence of HSMs but I don't have access to one at this moment. We do plan to use an HSM in the future though (we plan to implement digital signatures, too). At the very least we'll probably move our key management infrastructure to Google Cloud KMS and use HSM-level keys.
When a user registers in the app, a new entity is created in Vault so that I can leverage ACLs to limit access to the KEKs (which are created per user) to only that specific user.
Questions
- First of all, do you think this scheme is secure?
- In case this scheme is ok, how much do you think an HSM would add to security? (thinking about the cost to benefit ratio)
- By default Vault's ACLs allow the root user to access everything anyway. I would like to limit that so that only the user can (after authenticating) access their KEK. How would you get around the trust issues here?
- The KEKs are managed by us, but do you think there is a better way of doing that? I was thinking of password-based key derivation but I'm not sure users would be ready for the complications (in cases like forgetting their password).
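The upload and download paths described in the question, written out as an added Go example that is not the poster's code and does not talk to Vault. A local AES-256-GCM key named `kek` stands in for the per-user transit key that Vault would hold (in the real deployment only the DEK crosses the wire and the KEK never leaves Vault); the `fileID` bound as associated data, the `StoredRecord` type and the sample plaintext are assumptions made for the example. It shows what the central database row and the IPFS blob actually contain, and that a wrapped DEK can only be unwrapped with the right KEK for the record it was created for.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// StoredRecord models what gets persisted: WrappedDEK goes to the central
// database, Ciphertext goes to IPFS. Neither side ever holds the plain DEK.
type StoredRecord struct {
	WrappedDEK []byte // DEK sealed under the user's KEK (Vault transit output in the real setup)
	Ciphertext []byte // nonce || AES-GCM ciphertext+tag of the file
}

// newKey returns a fresh 256-bit key from the OS CSPRNG.
func newKey() ([]byte, error) {
	k := make([]byte, 32)
	if _, err := rand.Read(k); err != nil {
		return nil, err
	}
	return k, nil
}

// aeadSeal encrypts plaintext with AES-256-GCM under key, binds aad into the
// authentication tag, and returns nonce || ciphertext+tag.
func aeadSeal(key, plaintext, aad []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, aad), nil
}

// aeadOpen reverses aeadSeal; it fails if the key, ciphertext, tag or aad differ.
func aeadOpen(key, data, aad []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(data) < gcm.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	return gcm.Open(nil, data[:gcm.NonceSize()], data[gcm.NonceSize():], aad)
}

// EncryptForUser is the upload path: a fresh DEK per file, the file sealed
// under the DEK, the DEK sealed under the user's KEK. The fileID is bound as
// AAD so a wrapped DEK copied from one record cannot be unwrapped for another.
// kek is an assumed local stand-in for the user's Vault transit key.
func EncryptForUser(kek, plaintext []byte, fileID string) (StoredRecord, error) {
	dek, err := newKey()
	if err != nil {
		return StoredRecord{}, err
	}
	ct, err := aeadSeal(dek, plaintext, []byte(fileID))
	if err != nil {
		return StoredRecord{}, err
	}
	wrapped, err := aeadSeal(kek, dek, []byte(fileID))
	if err != nil {
		return StoredRecord{}, err
	}
	return StoredRecord{WrappedDEK: wrapped, Ciphertext: ct}, nil
}

// DecryptForUser is the download path: unwrap the DEK with the KEK, then open the file.
func DecryptForUser(kek []byte, rec StoredRecord, fileID string) ([]byte, error) {
	dek, err := aeadOpen(kek, rec.WrappedDEK, []byte(fileID))
	if err != nil {
		return nil, fmt.Errorf("unwrap DEK: %w", err)
	}
	return aeadOpen(dek, rec.Ciphertext, []byte(fileID))
}

func main() {
	kek, _ := newKey() // constructed stand-in for the per-user Vault transit key
	rec, err := EncryptForUser(kek, []byte("constructed sample: leave of absence form"), "file-0001")
	if err != nil {
		panic(err)
	}
	pt, err := DecryptForUser(kek, rec, "file-0001")
	fmt.Printf("wrapped DEK %d bytes, ciphertext %d bytes, decrypt err=%v, plaintext=%q\n",
		len(rec.WrappedDEK), len(rec.Ciphertext), err, pt)
}
```

In the real system the `aeadSeal(kek, dek, ...)` call is replaced by a request to the transit engine's encrypt endpoint, which is also where the per-user ACL from the question is enforced; everything else, including the fact that the database only ever sees the wrapped DEK, stays as shown.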