Academic Integrity: tutoring, explanations, and feedback — we don’t complete graded work or submit on a student’s behalf.

I am a bit confused about securing the secret encyption key. Here is the scenari

ID: 659868 • Letter: I

Question

I am a bit confused about securing the secret encyption key. Here is the scenario:

1. I need to encrypt some data (file)

2. This data will be read by a program (say written in C/C++).

3. Both the program binary and encrypted data will be accesible to some arbitrary user.

However, in order to read the data the program needs to have the secret key that was used to encrypt the data. One possibility would be to hard code the secret key into the source code of the program itself. However, the key can be found out even from the compiled binary! I also do not have any possibility of taking input from the user for password/secret key etc. I also don't have any network access to request a server to send the key. Please, assume the OS to be linux/linux like.

So, the question is, how can I secure this key?

Explanation / Answer

First, do not bake the key into the binary. As Xander noted, a HSM is designed for this purpose such that a key is only accessible to the application and is not on the system. You may be able to setup a bastion host you locked down on a separate management network to serve this purpose instead, which is a little less secure. The next level would be to at least keep the key in a secure area on the local file system. You then use access control and privileged identity management and monitoring to limit the possibility of the root user getting the key and not being detected.

If the data is never used by computers and only be explicitly identified users/subjects, you could try something like Mylar from MIT.

You need to find the solution that will maximize your return on security investment relative to the risk of the encrypted data being exposed. There will always be threats, but the likelihood and impact will need to be considered before selecting any countermeasures.

It's also not clear if this is a client-server application, a web application, or a desktop program which uses a local data file. These specifics would further impact your strategy.

Related Questions

I always hear that involving with open source projects is good for career and th
Question #660087
I always make errors on the excel standard deviation formula. Did I use the corr
Question #2383116
I always rate - right answers only please file:///Users/michaelrodriguez/Desktop
Question #2124327
I always rate 5 for complete answers. 1) a) What will happen when an uncharged p
Question #2236102
I always rate A closed, circular loop has a counter-clockwise current flowing th
Question #2124326
I always rate! Please do them clearly. I posted two questions and they were answ
Question #1773194
I always wondered what are the effects of including not needed headers to the fi
Question #658997
I am 17 years old and my ultimate job goal is a cyber security professional. I h
Question #662058

Navigate

Previous
I am a bit confused about problem 5P in chapter 3 in the book basic engineering
Next
I am a bit confused as to whether I should use +9.8 m/s^2 or -9.8m/s^2 when solv

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.