5

I am a bit confused about securing the secret encyption key. Here is the scenario:

  1. I need to encrypt some data (file)
  2. This data will be read by a program (say written in C/C++).
  3. Both the program binary and encrypted data will be accesible to some arbitrary user.

However, in order to read the data the program needs to have the secret key that was used to encrypt the data. One possibility would be to hard code the secret key into the source code of the program itself. However, the key can be found out even from the compiled binary! I also do not have any possibility of taking input from the user for password/secret key etc. I also don't have any network access to request a server to send the key. Please, assume the OS to be linux/linux like.

So, the question is, how can I secure this key?

user2219907
  • 51
  • 1
  • 3
  • 3
    You can't. You may obfuscate the binary to make it more difficult to find the key, but in the end, you still have to give the decryption key and the data to the user – user2313067 Aug 27 '14 at 16:32
  • [These](http://security.stackexchange.com/questions/6612/how-can-i-decrypt-data-with-java-without-hard-coding-the-key) [questions](http://security.stackexchange.com/questions/25104/encrypting-data-for-android-mobile-app) [are](http://security.stackexchange.com/questions/17368/how-do-i-securely-store-and-retrieve-a-many-time-use-key) [related](http://security.stackexchange.com/questions/57455/storing-the-master-key-in-the-app-server-binary). – Artjom B. Aug 27 '14 at 16:33
  • 4
    Generally, when you want to keep a key secure from the computer that needs to decrypt the data, you do it by storing it in an [HSM](http://en.wikipedia.org/wiki/Hardware_security_module). – Xander Aug 27 '14 at 16:57
  • @user2219907 can you clarify if the user of your application is supposed to have free access to the unencrypted data (and you are trying to protect it from malicious 3rd parties), or if the encryption is part of some DRM mechanism? – lzam Aug 27 '14 at 19:11
  • Diffie-Hellman key exchange comes to mind, and may be something you could look into. – Jonathan Aug 27 '14 at 19:35

3 Answers3

2

The best possible scheme would be having that one encryption key for every user, similar to an authorization code given out for Microsoft products. The only difference would be that every single program you give out would have to have a different encryption key embedded into it.

That would be the only way to somewhat secure the encrypted data.

Either way you are breaking Kerckhoffs's principle (2. Enemy knows the system), so it would probably be good to implement run time decryption / obfuscation of the class that will be decrypting the data file. It won't stop people who really want to get it, but it would definitely put up a barrier.

There's no good way of 100% securing your program.

crypto
  • 104
  • 5
2

First, do not bake the key into the binary. As Xander noted, a HSM is designed for this purpose such that a key is only accessible to the application and is not on the system. You may be able to setup a bastion host you locked down on a separate management network to serve this purpose instead, which is a little less secure. The next level would be to at least keep the key in a secure area on the local file system. You then use access control and privileged identity management and monitoring to limit the possibility of the root user getting the key and not being detected.

If the data is never used by computers and only be explicitly identified users/subjects, you could try something like Mylar from MIT.

You need to find the solution that will maximize your return on security investment relative to the risk of the encrypted data being exposed. There will always be threats, but the likelihood and impact will need to be considered before selecting any countermeasures.

It's also not clear if this is a client-server application, a web application, or a desktop program which uses a local data file. These specifics would further impact your strategy.

Community
  • 1
Eric G
  • 9,691
  • 4
  • 31
  • 58
1

Could you not generate the encryption key based on a pass phrase given by the user that is encrypting the data? Then that pass phrase would have to be supplied again in order to decrypt the encrypted data. This would of course require the pass phrase to be known and entered by a user so nothing would just magically happen.

inquam
  • 111
  • 3