Saturday, 21 February 2015

Encrypting table entries on a PHP web service

I apologize in advance if my title is completely misleading.


I have a blog that is being developed. This blog requires its entries to be encrypted for specific people only to view. No one else, not even the database admin, should be able to access this data. As such, encrypting it with a common key is not feasible.


My first thought was to use RSA encryption. The metadata of a blog post would be unencrypted. There would be another table with the content of the blog post. When the submitter posts the message, they would insert the metadata, then insert one entry for each recipient into the content table. These entries would be encrypted with the recipient's public key.


Now, this works fine - if I can store the private key on the user's computer. This means that I cannot use a different device. My solution to solve that was to store the private key, encrypted, on the server. The private key would be encrypted using AES encryption.


My thought process is:



  • Alice creates an account, with username and password

  • Alice generates a public/private key pair on the client (not the server)

  • Alice posts the public key to the database

  • Alice generates an encryption password, salts it, hashes it (SHA-256) one or more times.

  • Alice uses this salted, hashed, etc encryption password as a random number seed, and generates an AES-256 key.

  • Alice encrypts the private key with the AES-256 key, and posts it to the database.


Now, when Alice logs in:



  • Alice provides the username/password to the server, and pulls the private key (encrypted with AES-256).

  • Alice enters her encryption password, which is salted, hashed, etc.

  • Alice seeds a random number generator with her salted, hashed encryption password, and generates an AES-256 key. This should be the same key as before, since I seeded the RNG with the same value.

  • Alice decrypts the private key using the AES-256 key.

  • Alice can now decrypt messages sent to her


Am I way off base?