1

Is it safe to store important data in an encrypted access token? For example, instead of storing access tokens in a database, not storing them at all and putting their associated data into them before encryption.

As in, I'm setting up an OAuth authentication server. I create an access token by wrapping together the timestamp of the token, the IP address of the request for the token, the principal used for the request, and maybe some other data, as a String. Then I encode the String in Base64, and run it through strong encryption.

When the token is submitted, I use my key to decrypt it, decode it from Base64, and read the data it contains. If I'm able to read it, it can't have been tampered with, right?

Is the only reason to store access tokens and the user they were issued to in a database table a lack of faith in the strong encryption?

Matt Dodd

1 Answer

1

It depends on whether the encryption mechanism you're using provides confidentiality (like AES in bare CBC mode) or confidentiality and integrity (like AES in CBC mode with an HMAC, or AES-GCM).

Just because your data is encrypted doesn't mean that it can't be tampered with in a way that you can't detect. It must be both encrypted and authenticated, and the authentication is done with a MAC, or message authentication code.

If, in fact, you are using authenticated encryption and so you can verify via the MAC that the ciphertext has not, in fact, been tampered with before you attempt to decrypt it, then yes, this is a reasonably safe way to store and protect data, provided of course that you are as you stated using strong encryption and the implementation is otherwise sound.

Xander
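The difference the answer describes, as an added Node.js example that is not part of the original question or answer: the same token sent through bare AES-CBC and through AES-CBC with an HMAC (encrypt-then-MAC), each with one bit changed before it reaches the server. The function names, the claims string and the use of two independent 32-byte keys are assumptions made for the illustration.

```javascript
const crypto = require('crypto');

// Bare AES-256-CBC (confidentiality only). Returns IV || ciphertext.
function cbcEncrypt(encKey, plaintext) {
  const iv = crypto.randomBytes(16);
  const c = crypto.createCipheriv('aes-256-cbc', encKey, iv);
  return Buffer.concat([iv, c.update(plaintext, 'utf8'), c.final()]);
}

// Decrypts whatever it receives; a changed IV or ciphertext is not detected here.
function cbcDecrypt(encKey, body) {
  const d = crypto.createDecipheriv('aes-256-cbc', encKey, body.subarray(0, 16));
  return Buffer.concat([d.update(body.subarray(16)), d.final()]).toString('utf8');
}

const hmac = (macKey, data) => crypto.createHmac('sha256', macKey).update(data).digest();

// Encrypt-then-MAC: HMAC-SHA256 over IV || ciphertext, tag appended, then Base64.
function seal(encKey, macKey, plaintext) {
  const body = cbcEncrypt(encKey, plaintext);
  return Buffer.concat([body, hmac(macKey, body)]).toString('base64');
}

// Check the tag in constant time first; decrypt only when it matches.
function open(encKey, macKey, token) {
  const raw = Buffer.from(token, 'base64');
  if (raw.length < 16 + 16 + 32) throw new Error('malformed token');
  const body = raw.subarray(0, raw.length - 32);
  const tag = raw.subarray(raw.length - 32);
  if (!crypto.timingSafeEqual(tag, hmac(macKey, body))) {
    throw new Error('token failed authentication');
  }
  return cbcDecrypt(encKey, body);
}

// Constructed sample claims: principal, client IP and issue time, as in the question.
const CLAIMS = 'sub=alice;ip=203.0.113.7;iat=1700000000';

// Change one bit of each token, as could happen in transit, and report what the server sees.
function demo(encKey, macKey) {
  const bare = cbcEncrypt(encKey, CLAIMS);
  bare[0] ^= 1;
  const sealed = Buffer.from(seal(encKey, macKey, CLAIMS), 'base64');
  sealed[0] ^= 1;
  let verdict = 'accepted';
  try { open(encKey, macKey, sealed.toString('base64')); } catch (e) { verdict = e.message; }
  return { bareCbc: cbcDecrypt(encKey, bare), sealed: verdict };
}

console.log(demo(crypto.randomBytes(32), crypto.randomBytes(32)));
```

The bare CBC token still decrypts cleanly, so "I was able to read it" says nothing about integrity; only the MAC check does.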