This week's book giveaway is in the XML and Related Technologies forum.
We're giving away four copies of Java XML & JSON and have Jeff Friesen on-line!
See this thread for details.
Win a copy of Java XML & JSON this week in the XML and Related Technologies forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Liutauras Vilda
  • Devaka Cooray
  • Jeanne Boyarsky
  • Bear Bibeault
Sheriffs:
  • Junilu Lacar
  • Paul Clapham
  • Knute Snortum
Saloon Keepers:
  • Ron McLeod
  • Tim Moores
  • Stephan van Hulst
  • salvin francis
  • Carey Brown
Bartenders:
  • Tim Holloway
  • Frits Walraven
  • Ganesh Patekar

Symmetric key storage and wrapping?  RSS feed

 
Ranch Hand
Posts: 143
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
hi..

is it acceptable procedure that upon install AES/DESde keys will be create automatically, and be encrypted or wrapped by another key that is PBE? (said keys are meant to encrypt specific values on xml files)

i've been looking into ways of key and read resources such as this: Credentials storage in jenkins and was wondering if there are any similar articles ..
 
Ranch Hand
Posts: 125
5
MS IE Notepad Suse
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
well - you can either ask the user for a pbe phrase - or store the data in plain
reason: as long as you try to hide somethin you have to reverse it - and when your code can anyone else can
thats called security by obscurity and is always a bad idea
 
Elhanan Maayan
Ranch Hand
Posts: 143
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

Matt Wong wrote:well - you can either ask the user for a pbe phrase - or store the data in plain
reason: as long as you try to hide somethin you have to reverse it - and when your code can anyone else can
thats called security by obscurity and is always a bad idea



sadly, when it comes to servers, that's always the only option.
 
Saloon Keeper
Posts: 9703
192
  • Likes 1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Usually I don't bother encrypting keys in configuration files on the server. Security is provided by the operating system. If someone unauthorized has access to the files where the keys are stored (encrypted or not), you've already lost.
 
Elhanan Maayan
Ranch Hand
Posts: 143
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

Stephan van Hulst wrote:Usually I don't bother encrypting keys in configuration files on the server. Security is provided by the operating system. If someone unauthorized has access to the files where the keys are stored (encrypted or not), you've already lost.


the problems is that those config files can be exported outside in a zip.

so my thinking was to encrypt those values using either DESde or AES keys (that would be generated upon install) those values would be stored in an xml file along with the seed.
the keys would stores in another file (i'm thinking JCEKS because it allows to store symmetric keys on top of assymetric ones), have the password for that store encrypted in a another file (also part of the config), and the encryption of THAT, would be stored in the machine (using preferences api)


 
Saloon Keeper
Posts: 5219
143
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

the problems is that those config files can be exported outside in a zip.


By whom? If you don't trust your sys admins, you have more fundamental problems with your hosting.
 
Stephan van Hulst
Saloon Keeper
Posts: 9703
192
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Uh, so why not just make a password protected ZIP when moving the configuration?

Why are you making your application responsible for its own maintenance?
 
Stephan van Hulst
Saloon Keeper
Posts: 9703
192
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

Elhanan Maayan wrote:the keys would stores in another file (i'm thinking JCEKS because it allows to store symmetric keys on top of assymetric ones), have the password for that store encrypted in a another file (also part of the config), and the encryption of THAT, would be stored in the machine (using preferences api)



So basically, you have keys in a file protected by keys in another file, protected by keys in another file. Aren't you worried that those last keys are going to be stolen? Shouldn't you encrypt those? And then also the keys used in that step? And so on?

Like Tim said, it's better to trust and rely on the system administrators.
 
Elhanan Maayan
Ranch Hand
Posts: 143
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

Stephan van Hulst wrote:

Elhanan Maayan wrote:the keys would stores in another file (i'm thinking JCEKS because it allows to store symmetric keys on top of assymetric ones), have the password for that store encrypted in a another file (also part of the config), and the encryption of THAT, would be stored in the machine (using preferences api)



So basically, you have keys in a file protected by keys in another file, protected by keys in another file. Aren't you worried that those last keys are going to be stolen? Shouldn't you encrypt those? And then also the keys used in that step? And so on?

Like Tim said, it's better to trust and rely on the system administrators.



i'm aware of the bootstrap security problem, but your code is being scanned by customers clients, there's not much you can do
 
Matt Wong
Ranch Hand
Posts: 125
5
MS IE Notepad Suse
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
well - don't even think about DES - it's broken and can be bruteforced by any modern system
also - even DES-ede (as it's called correctly) - or triple-DES - is supposed to use 3 different keys and so bump up to 168bits - but in real world DES-ede only uses two keys - and therefore is only 112 bits (you can read about that on wikipedia)
so - IF you want to encrypt something - use AES - and at least something secure as CBC or OFB or so - never ECB (also: wikipedia)

i still don't understand what you try to protect - the main issue here is that you allow some secret information to get outside your controlled environment - why you even allow this? this is already flawed by design

if you want to export some secret information - use PBE and always ask the user

as others said: the only time you store keys unencrypted is on a secured server wich provides security at os-level - cause when someone has access to the system - it's easy to get admin/root access - and then you lost anyway
 
Stephan van Hulst
Saloon Keeper
Posts: 9703
192
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

Matt Wong wrote:so - IF you want to encrypt something - use AES - and at least something secure as CBC or OFB or so - never ECB


Wrong. IF you want to encrypt something, you generally want to use an AEAD algorithm like GCM, OCB or EAX. Don't hack around by combining primitives by yourself.

Java comes with GCM and unless you're working on a small embedded device with limited memory, there's very little reason not to use it.
 
All of the world's problems can be solved in a garden - Geoff Lawton. Tiny ad:
RavenDB is an Open Source NoSQL Database that’s fully transactional (ACID) across your database
https://coderanch.com/t/704633/RavenDB-Open-Source-NoSQL-Database
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!