Geek Answers Handbook

Where do you put the encryption key on a public server?

I use NServiceBus with MSMQ between my web application and the service, and I need to be able to encrypt the message payload so that if the message is queued locally on the web server (the service node is down), the confidential information cannot be viewed.

Since the web server is open, I am not only obligated to encrypt data that can be serialized to disk anyway, but I also cannot save the encryption key on the web server.

I examined the use of DPAPI to store the key, but since the key will be stored on the host, I don’t know if this contradicts the requirement or not. Another option that I considered is that when you start a web application, it can request a key from a service and hold it in memory for the life of the application pool.

I have not had to work with this level of encryption requirements before, and would like to know what others are doing and get some feedback on the ideas mentioned above.

+6
security c # encryption nservicebus
source share
4 answers

You can override the source from which NServiceBus uses its encryption key - this is described in the documents here: http://docs.particular.net/nservicebus/security/encryption

This way you can avoid having this confidential information in the DMZ.

0
source share

Can you use public / private key encryption? Then you only need the public key on the server, and the data is decrypted using the private key in another place.

+7
source share

"Since the web server is open, I’m not only obligated to encrypt data that can be serialized to disk anyway, but I also can’t store the encryption key on the web server."

This seems to be the only limitation to focus on - confirm that this is true for starters. This will eliminate the capabilities of DPAPI + local keystore.

It is plausible to deliver the key over a service, but this service must still authenticate the caller. If your server is compromised, disguising as a legitimate caller, adhering to a call, etc. Are possible. In addition, if you saved the key only in memory, this memory can still be detected in the debugger or memory dump, elevated privilege level, etc.

Hardware encryption cards are the only way to overcome the latest scenarios.

+1
source share

The best place to encrypt is at the queue level . You do this by sending private messages and creating queues that only accept private messages. Although you can set the privacy level of a queue when creating a queue during creation, I'm not sure if you can configure NServiceBus to send private messages.

0
source share

More articles:


All Articles