
Thread: Need help with an encryption scheme

  1. #11
    Join Date
    Mar 2010
    Location
    Dhaka, Bangladesh
    Beans
    210
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: Need help with an encryption scheme

    Yah, if the server is compromised then those situations are out of my hands. The only major problem here is the source code of the program can get exposed, and thus exposing the private key as well. Can you suggest how the keys can be kept protected even if the source code is exposed? Is storing those data in a database the only solution?

  2. #12
    Join Date
    Feb 2009
    Beans
    1,469

    Re: Need help with an encryption scheme

    NEVER EVER store auth data (tokens, keys, passwords, etc.) in code! It's a maintenance problem and a huge security hole.

    I tend to put stuff like this in an rc-file, or prompt the user for it on startup. Depends on the application. If you're using PGP, though, you'll probably just invoke the GnuPG binary and let it do its own storage thing (keys saved in ~/.gnupg). The symmetric key can be anything as long as the server and clients all know it.

    The fact that you ask the question raises another, though. Can rc-files or databases be any more secure than code? I mean, if you did store the private key in the source code for the server, presumably you wouldn't just hand out the source without deleting the sensitive information, so are you expecting that the source code can be exposed in some way that doesn't compromise the server as a whole? (Of course, if you don't store keys in it, you can put the source on Github or print copies and leave it in public restrooms for all the difference it makes to security.)
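One way to implement the rc-file approach described in the post above, as an added example (not code from the original thread): the program reads its secret from a file that must be a regular file owned by the running user with mode 0600, and falls back to prompting when the file is absent. The KEY=VALUE file format, the `apprc` file name and the function names are assumptions for this example.

```python
import os
import stat
import getpass
import tempfile
from pathlib import Path

def rcfile_is_private(path: Path) -> bool:
    """Regular file, owned by the current user, with no group/other permission bits."""
    st = path.lstat()                                   # lstat: a symlink fails S_ISREG
    return (stat.S_ISREG(st.st_mode) and st.st_uid == os.getuid()
            and (st.st_mode & (stat.S_IRWXG | stat.S_IRWXO)) == 0)

def parse_rcfile(text: str) -> dict:
    """Parse KEY=VALUE lines (constructed format); '#' lines and blanks are skipped."""
    out = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            out[key.strip()] = value.strip()
    return out

def load_secret(name: str, rc_path: Path, prompt=getpass.getpass) -> str:
    """Read the secret from a private rc-file; if the file is absent, prompt for it."""
    if rc_path.exists():
        if not rcfile_is_private(rc_path):
            raise PermissionError(f"{rc_path} must be mode 0600 and owned by you")
        if (value := parse_rcfile(rc_path.read_text()).get(name)):
            return value
    return prompt(f"{name}: ")

def write_private_rcfile(rc_path: Path, secrets: dict) -> None:
    """Create the rc-file already at mode 0600, so it is never briefly world-readable."""
    fd = os.open(rc_path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as f:
        f.writelines(f"{k}={v}\n" for k, v in secrets.items())

def demo() -> dict:
    """Exercise the helpers with a constructed secret; returns values a test can check."""
    rc = Path(tempfile.mkdtemp()) / "apprc"
    write_private_rcfile(rc, {"API_KEY": "constructed-sample-key"})
    from_file = load_secret("API_KEY", rc, prompt=lambda _: "prompted")
    os.chmod(rc, 0o644)                                 # simulate a careless chmod
    try:
        load_secret("API_KEY", rc, prompt=lambda _: "prompted")
        rejected = False
    except PermissionError:
        rejected = True
    fallback = load_secret("API_KEY", rc.parent / "missing", prompt=lambda _: "prompted")
    return {"from_file": from_file, "rejected_after_chmod": rejected, "fallback": fallback}
```

The permission check refuses to use the file at all once it is group- or world-readable, rather than silently continuing with a secret that other local users could already have read.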

  3. #13
    Join Date
    Mar 2010
    Location
    Dhaka, Bangladesh
    Beans
    210
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: Need help with an encryption scheme

    Quote Originally Posted by trent.josephsen
    The fact that you ask the question raises another, though. Can rc-files or databases be any more secure than code? I mean, if you did store the private key in the source code for the server, presumably you wouldn't just hand out the source without deleting the sensitive information, so are you expecting that the source code can be exposed in some way that doesn't compromise the server as a whole?
    Yeah, there is a chance that the source code can be exposed without the server being compromised and vice versa. For my situation, it's much less likely for both to be exposed at the same time. So I guess storing this critical information in separate locations like you mentioned should reduce the risk significantly. If both are compromised (i.e. code and database) there is not much that can be done anyway. Instead of using a separate rc-file, I am storing them in a database right now.

    P.S. On a side question, how can I mark the thread as SOLVED? As far as I remember the option was in the Thread Tools menu, but I can't find it there anymore.
    Last edited by zobayer1; June 6th, 2013 at 04:34 AM.

  4. #14
    Join Date
    Nov 2011
    Location
    /dev/root
    Beans
    Hidden!

    Re: Need help with an encryption scheme

    Edit the first post, go advanced, and change the prefix to SOLVED (I think this work-around is still working)
