1

I'm creating some encryption in my asp.net webform, using the AES and the built in RijndaelManaged. I'm wondering what kind of key system I should use. I want the SSN to be encrypted in the database, and to only be decryptable by either the owner of the ssn, or an authorized admin.

What I'm wondering is, if the encryption key is created during the application, then won't I no longer be able to use it once the application is closed? Would I have to store the key in the database? That seems to ruin the point of the encryption. Is there a way to get the same key every time based on perhaps a seed number? Probably not, that seems like it would make it very easy to crack. How do I approach this problem?

Improve this question
0

3 Answers 3

Reset to default
3

In the end, the web application has to be able to read the data and present it to authorized users. If you want more than a single user to access the data, then you need some way to get at the data with a method that is not unique to a specific user. This means having to trust the app to give it to the right person.

What this means is that you should likely just encrypt the value in the database using database level encryption, assuming you're using a database that offers this. Then your app can determine whether or not to show the data to someone, based on whatever authorization mechanism you have in place.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

3

Well, with encryption you will always end up with this problem - what to do with the keys? Key storage and management is its own field.

Some approaches for you to evaluate:

  • Use DPAPI to encrypt. With DPAPI Windows handles key storage under the credentials of the user your ASP.NET app runs as.

  • If you are authenticating the user yourself using some secret (a password), you can derive the key from the password and a salt. Remember to re-encrypt the data if the user changes his password! The salt can be stored in cleartext alongside user information. You can derive a cryptographic key from a password doing something like this:

        public static KeyIV GetKeyBytesFromPassword(string password, byte[] salt) {
    using (var aes = new AesCryptoServiceProvider()) {
        using (var deriveBytes = new Rfc2898DeriveBytes(password, salt)) {
            var res = new KeyIV {
                Key = deriveBytes.GetBytes(aes.KeySize / 8),
                IV = deriveBytes.GetBytes(aes.BlockSize / 8)
            };

            return res;
        }
    }
}
  • If you really need top-notch security you can use a Hardware Security Module (HSM), which can be an independent piece of hardware (see for example Thales) or a board for your computer (see for example the IBM 4764 PCI-X Cryptographic Coprocessor or similar). In this case you are using specialized tamper proof hardware which will handle key storage and management for you.
  • Some database products have what is called Transparent Data Encryption which basically will encrypt a whole database table for you transparently. It's very expensive though. Oracle and SQL Server both have it.
Improve this answer

Comments

1

lot has been discussed here: What is the best way to encrypt SSNs in SQL Server 2008? .. I have encrypted password using RinadaelManaged and stored Key and IV along with encrypted password for description. The key and IV is different for every record.

http://msdn.microsoft.com/en-us/library/system.security.cryptography.rijndaelmanaged.aspx

Improve this answer

2 Comments

What is the point of such encryption if the Key and IV are literally sitting in plain text right next to the encrypted password?
@allu In my case IV is appended to actual encrypted binary data in the same column. As far as key it is not stored "as is" but is being "jumbled" using code. In my case this provides level of security required for my application. Another option is to use machine level key for all encryption. While I have looked at that solution too I did not want to tie encryption/decryption to particular machine key. So in my case jumbling of binary data i.e. encrypted password + key + iv stored in a way that is known only to the code worked for me.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.