As I have developed my app using openFL, which uses Haxe, and I am about to start the activation part of my software, I wonder how I would safely store my encryption secret key. Would I just hard-code it into my app??!

I will be using this key to encrypt data before sending it to the server, and I will be using it to decrypt data received from the server too.

Can anyone recommend best practices followed in such a case?

simo

1 Answer

This sounds like a job for asymmetric encryption.

  1. Create a key pair at your server, store public and private keys. The private key should be kept safe, the key size should be 2048 bits or more;
  2. Include the public key in your application;
  3. The application uses a secure random generator to create an AES key;
  4. The data is encrypted using CBC and PKCS#7 padding; also include an HMAC (possibly with yet another random AES key);
  5. Encrypt the key(s) with the RSA algorithm and the public key.

The server can now decrypt the AES keys using the private key and decrypt the data with the retrieved keys. Then verify the MAC, if you included it in your protocol. Finally decrypt the ciphertext to retrieve the plaintext.

This scheme is called hybrid encryption because it uses both symmetric and asymmetric encryption. Beware of padding oracle attacks (which leak all the plaintext to an attacker) if you don't use a MAC. Always verify the MAC before decrypting.

You can store an RSA public key within your application. With this public key you can encrypt an AES key (using PKCS#1 OAEP or v1.5 padding).

Maarten Bodewes
  • Thanks, I wonder if someone in the Haxe community can post a link to a library that would do the encryption .. – simo Dec 23 '13 at 15:28
  • @simo I'm not familiar with the platform, I do know that asking for offline resources is considered off topic. – Maarten Bodewes Dec 23 '13 at 19:35
  • What do you mean by MAC in your answer please? Do you mean the MAC address to be used as hardware ID? – simo Dec 24 '13 at 12:05
  • No, Message Authentication Code. Normally a Hash based MAC or HMAC is used. It provides integrity and authenticity to the sent package. It's the symmetric equivalent of a digital signature. It can also be used to thwart attacks such as padding oracle attacks, which attack e.g. AES CBC encryption specifically on online protocols (the cipher itself is not attacked, but the error handling of the server can be used to retrieve the plaintext, in 128 tries(!) per byte). Don't use encryption without MAC/Signature unless you have no other option. And check before decryption. – Maarten Bodewes Dec 24 '13 at 12:49
  • Sir, how do I generate a MAC? – simo Dec 27 '13 at 06:03
  • In your case probably by finding a JavaScript HMAC implementation. You should not program such a thing yourself. – Maarten Bodewes Dec 27 '13 at 17:30
  • Is there an example that you recommend by which I can see all the phases of encryption/ decryption? – simo Jan 02 '14 at 13:46
  • Not one that I know of. I've learned on the job. – Maarten Bodewes Jan 03 '14 at 11:52