I want to handle some confidential data in one of my web applications, so that the data should not be readable by the developer or the database administrator.

We can easily hide the data from the DB administrator by implementing some encryption technique. But the developer can still see the data, since he is the one creating the decryption technique. I want only the end user to be able to see his data.

I can't encrypt data using algorithms like PBKDF2 or DB-side encryption methods like TDE & EKM, because I still need to keep the encryption key somewhere. If I keep it on the server side or in the DB, the developer can access and decrypt the data. If I keep it on the client side, the user can't access the information from a separate machine.

So how do I handle this situation? Thanks in advance.

Rameez
  • If you encrypt/decrypt sensitive data at the application layer (e.g. web server/service), you only need to make sure the DBAs and developers don't have access to the keys. Knowing the algorithm or having access to encrypted data is of little use without the keys. Don't store keys on the client; use HTTPS to encrypt data in motion. – Dan Guzman May 29 '15 at 11:45
  • Handling the key is the only problem I am facing here. I can't save it on the server side / in the DB, and I don't want the user to always have to remember his key and enter it to view his data, since that includes the risk of the user forgetting/losing the key and losing his data forever. – Rameez May 29 '15 at 12:51

2 Answers

You are heading the direction of Zero Knowledge Web Applications, such as implemented by SpiderOak (see also crypton). These applications typically work by deriving a key from the user's password using something like PBKDF2, and performing encryption/decryption on client side. However, there are a number of complexities to overcome to make it true zero-knowledge, and also to meet usability requirements. One could write an essay on this, but instead I suggest you start by reading the linked references. If you have any questions, let me know.

In a nutshell, the "more zero-knowledge" you want the system to be, the harder it is to realise without sacrificing usability (one example is overcoming the points made in Javascript Cryptography Considered Harmful). However, there are various tradeoffs you can make in order to make it sufficiently difficult to cheat without affecting usability too much.

TheGreatContini
  • That looks great, I hope I can develop something from your answer. Thanks for the lead. – Rameez Jun 03 '15 at 09:15
  • Still, one challenge I have is that if the user forgets the password, we can't decrypt the data, since the key is derived from his password. In that case he may lose his entire data. Maybe I can give a warning to the user about this? But I am still looking for whether there is any way to handle this situation. – Rameez Jun 03 '15 at 09:56
  • Yes, but there are ways that you can build password recovery into the system. AlephCloud (not sure if they still exist) was building a system such that a quorum of people had the ability to do password recovery or data recovery for an individual who forgot their secret, using threshold cryptography. This assures that any number of insiders less than some pre-determined threshold could not cheat. Google for it, I remember there were news articles about it a couple years ago. – TheGreatContini Jun 03 '15 at 10:13
I need to keep the encryption key somewhere

No you don't. The user only has to remember it. For convenience you could save it in the browser's local storage.

CodeCaster
  • Then it will not be a user-friendly application, right? Every time, the user needs to enter the encryption key. Also, in any case, if the user forgets the key, he may lose his entire data. – Rameez May 29 '15 at 10:56
  • Sounds like you have conflicting requirements. – CodeCaster May 29 '15 at 11:00