1

I am making a social media type website, and I store user details such as emails, names and other personal details.

I will be encrypting the personal details using an Encrypt-then-MAC concept. When the user registers, a cryptographically secure string will be made to use as the private encryption key. When the user selects a password, the encryption key will be encrypted using the password.

The password will NOT be stored in the database, but will be the private key to decrypt the encryption key used to encrypt the personal details. The only person who knows the password is the user. My question is: how can I store the encryption key once decrypted?

I have thought of having a table with one column for IP and another column for the encryption key, but some people close the browser window without logging out, therefore there would not a possible way to remove the entry from the database when they have finished their session on the website.

Another way would be to store it in a cookie, but that could be intercepted when sent back to the server. I would like to know if there is a secure, nearly foolproof way to store the encryption key, client side or server side.

Thanks in advance.

EDIT:

In reply to TheGreatContini's answer - The idea of a "zero-knowledge web application" (in your blog) is a good one, however, for zero-knowledge, even the key cannot be stored in the database, this complicates things a bit, as you would then have to use the user's password as the key. Using the password isn't as secure, as it is a bit harder to verify the password to prevent data which has been "decypted with the wrong key" from passing. There is the concept of Encrypt-then-MAC but that only verifies if the data is legit, and will assume that a hacker has messed with some data and data cannot be trusted, however, as you cannot actually verify the password (the hash would not be stored as it is "zero-knowledge"), so the password may just be wrong.

beeperdeeper089
  • 56
  • 6
  • IP addresses don't identify people. One person can use dozens or hundreds of different addresses within a short time or even concurrently, and one address can be used by thousands of people or even millions (large CGNAT). – dave_thompson_085 Sep 03 '17 at 23:57

1 Answers1

0

Not sure I have the answer, but a few considerations:

(1) Sessions need to be timed out. Perhaps you can do this by periodically running batch jobs that scan the database looking for sessions that have lacked activity. This requires storing in the db the date of the last action from the user.

(2) Generally keys are higher value than the content they protect because the keys have a longer lifetime than the individual data elements that the protect (because the data may change or additional data may be added). Rather than storing the key in the db, you can store the decrypted contents in the database for the length of the session. Of course, this is provided that you did (1).

Perhaps I am not adding much beyond what you already know, however may be worth considering a blog I wrote exactly about this topic. The low level details start in the section "A second line of defence for all the sensitive data." Prior to that it mainly motivates the concept. Glad to see somebody actually doing something like this.

TheGreatContini
  • 6,429
  • 2
  • 27
  • 37
  • The idea of the email address being hashed then verified is god compared to my idea, but also is a limitation factor for the system, lets say that it needs to send an email every now and then saying "you have 20 unread messages" or "are you still alive?", then the server cannot do that as it does not know the actual email. The question itself is actually a bit stupid as there is no possible answer, as anything can be leaked, I would say your idea of timed out sessions is probably as secure as it can get if you want a fully functioning website. Hey, I wonder what Google do... Great blogs btw. – beeperdeeper089 Sep 06 '17 at 20:28
  • @dwarf08 Thanks for your feedback. Yeah, email addresses often leak in other ways, so I wouldn't worry about that too much. Bottom line is that you are doing a lot more than what 99.999% of other people do. – TheGreatContini Sep 06 '17 at 22:17