
We have an integration arrangement to send content across the internet and the agreed protocol encrypts then sends it via SFTP.

What possible reason could there be to encrypt the content twice?

I can't see any good reason for it.

The algorithm for encryption is AES with CBC mode for enhanced security.

The hashing algorithms as defined by NZSIT 402:2008 should be using SHA-256; therefore the algorithm used to derive the key is PBKDF1 (defined in PKCS#5 v2.0 and documented in RFC 2898) with SHA-256 as generator, other than PBKDF2 which is based on a SHA-1 generator; it is also recommended to use 128-bit encryption strength unless higher security is required.

Bastion SSH/SFTP servers are used on at least one side of the communication, but they seem to be 'close' to the final endpoint system and no-one talks about the risk of intermediary servers being compromised.

AviD
Andrew Russell

1 Answer

There is no point if your threat model is only looking at interception or modification in transit.

However, files that are being sent via SFTP often sit on a staging server at both receipt and storage. If you are worried about unauthorised access at these points then it is worth encrypting the file as well as the transport encryption.

In addition, if you have a threat and requirement for non-repudiation and/or want a method of verifying that the file has not been modified (e.g. by an administrator once received) or was sent by the authorised party (defence in depth to authentication and authorisation of the SFTP connection, e.g. where one set of SFTP credentials is provided to a company but the file should only be sent by the finance department): in all these cases, having a cryptographically signed file, e.g. a PGP signature that can be verified, is a useful security control.

Rakkhi