Securely store public/private keys in a database

2018-06-07 01:58:56

I want to store public and private keys in a database securely.

My question is therefore how do I store the private key in a database securely. (public key doesn't need to be that secure anyways).

I have two methods currently.

Add a passphrase (ie the user's master password) to the private key and store that as a string in the database

Encrypt the private key using a symmetric algorithm and store that as a string in the database

Are these methods sufficient?

Which is better or are they the same thing?

Are there any better ways?

Update Some of you might be confused on why I want to even do this. My use case is a team based password management system. Public keys are used to encrypt a password (one for each user in a team) and private key with passphase is used to decrypt the password.

The first option is likely better, because it's easier to mess up your own symmetric encryption implementation, than to use an existing one correctly. Passphrases on private keys usually mean just some form of symmetric encryption.

PS. I'm not sure why you're using private / public keys here. If it's for proof who uploaded the key - great. If it's for the encryption itself - why not just use symmetric encryption of the stored password instead? If all people privileged to read it know the password to the private key, then there's no big difference. The only thing you seem to gain is being able to cycle the keys without changing the passphrase everybody knows.

链接地址: http://www.djcxy.com/p/21778.html

上一篇: 在android（客户端）加密密码并在服务器端用rsa解密PHP

下一篇: 将公钥/私钥安全地存储在数据库中