I'm building an app that I want to have E2EE. My struggle is with the private keys. Most of what I read they say you don't store it in AWS servers because it will not be an E2EE anymore and it's a backdoor. I don't want to create a backdoor, I want the user ONLY to hold the key. However, at the same time if the user logged in from another device, they cannot retrieve their data coz the private key on the original device.
So what are some ways to let the user be able to login from another device without having a trouble retrieving the data and not putting their private key on risk!
Please consider that I'm new to this subject and I'm using cryptoKit from Apple :)
Thanks!
You can use the user’s id and password hash (for example) to encrypt the private key and store the encrypted version of it on the server.
Encrypt the private key locally using the user's id and password (or a hash of it)
Send this encrypted key to the server to store it there
Now when the user logs in from another device, the encrypted key can be retrieved and decrypted locally using the user's id and password.
Thus, it won’t be possible to decrypt and use the encrypted key without the user’s credentials. However, this also means that if the user changes their password, the encrypted key also needs to be decrypted with the old and re-encrypted with the new password.
That’s the usual approach for your requirement.
Related
Are there any packages, frameworks, or services to do client-side encryption of user data in Flutter, using firebase as a server?
I hope to build an app that handles some of a user's personal financial information and so I want no one else, including me, to be able to access it. Firebase allows a Dev to see the unencrypted database so I need to do the encryption on the client-side.
I think this will probably have to involve a client-side symmetric key used for encrypting and decrypting the user data.
My worry is how to store this key.
(1) Randomly generated key stored locally - doesn't allow the user to switch between devices and is lost if the device is lost
(2) Store it in a Google Drive - requires the user to have a Google account. (Advocated by this article from HackerMoon
(3) Generate it deterministically from a salted hash of the user's password (stored locally) - lost if the user forgets or changes their password.
(4) Allow the user to choose between a subset of the above
My question is similar to this one How to encrypt user data in Firebase but it covers situations were data is transferred between users and hence uses public key cryptography.
Questions:
What is the best way to encrypt user-data for a firebase db?
And if it is to use a symmetric key, what is the best way to generate and store this key so the user doesn't risk losing access to their data?
This one appeared to be the best solution for my case: flutter_secure_storage. It stores the data in an app specific container within the official key stores of iOS and Android
I have a public key of customer that I need to use to encrypt credentials and send to the customer to obtain an auth token that I will be using for all further communication with the customer services.
For testing purpose, I saved the public key into a file and I am able to successfully obtain the auth token.
Now, the question is, where do I need to store this key safely. Options that I can think of are web.config as it is not browsable, or keep it in a file. Both seems to be unsafe.
If I keep it in a file, can I save it into windows trusted store? If yes, how can I save it and since in the trusted store, I will have multiple such keys, how I will retrieve this particular key to encrypt the credentials next time when I need to encrypt.
I am using windows machine for production server and .NET to encrypt, just in case it makes difference.
I think you can encrypt this certificate with another rsa key pair. Save key and encrypted data in different platform. For example save encrypted data in db and save rsa key in file system in protected folder. Protected folder can be user directory which has application user. Encrypt certificate out of the platform with separate tool. Don't save your rsa private key in application system.
I need to store a sensible info in a database (clients passwords). Is there a common practice? The information should be accessible by various users. Think about service company that should make maintenance of clients systems.
I'm thinking about using AES encryption. All the information is encrypted with the same main key. For every user this main key is encrypted with the user's password used as the key and stored separately. During login and authentication the main key is decrypted and saved in a session. Later the key is used to decrypt clients info. Is it a good practice?
Thanks
P.S.: Yes, I know that it's better not to use passwords, but it's not me to decide the way to access client's servers.
I am building a swift app and has user account. I need to keep their information (password) safely, I have read that using salted hash for the password is safe, but I wanted to know if it is recommended to use this and store the hashed password in my icloud kit (my dataBase)
The recommendation if you need the original should be to store passwords in the keychain. If you only need to store a hash for verification, salt it and store it as a SHA-256 HASH (and keep the salt in the keychain, possibly the hash too).
If you need to put passwords in the database on an iOS device, and for whatever reason the Keychain won't work for you, you should use SQLCipher, and have the user enter the DB password to unlock it, rather than storing the DB key anywhere. If you go this route, use a key derivation function such as PBKDF2 on the user input.
Generally, assume that any password you store is a security issue. Try not to store them yourself at all.
I am planning to store a password in my Native app (Android and iPhone). Should I store them after encrypting it ? or can I store it without any encryption? Are they really secure?
Any jailbroken iPhone will give any user access to the application's Documents folder. So, yes, it's insecure.
Additionally, if you put the password inside the code, you're still weak, as someone can decompile the program and find the key. What I'd recommend is a proxy.
For example, we have an application that connects to Facebook's API on the phone. However, we don't want to store our Facebook API private key on the phone, because then any user who reverse engineers our code could hack our Facebook application!
So, instead, we store the Facebook private key on a (secure) proxy server. When the device needs to interact with Facebook, it contacts the proxy, asks the proxy to log-in, and then the proxy gives a session key to the device to use directly with Facebook.
Certainly, it's still hackable - but you won't lose your private key in the process, and instead, the only thing your user could do is do the same things you do in your proxy server API.
Could you give us a little more information about what you're trying to do?
I would store it encrypted.
If someone would read your password he/she could simply use it. If it is stored encrypted, that person would need to decrypt it before usage.
Stored passwords are not safe at all. Determined user can root it's device and access any database and preferences. If you encypt password, your application can be decompiled to get decode function or step-executed until decrypted password is stored somewhere in process memory.
It doesn't mean you shouldn't encrypt passwords - use any symmetric encryption and initialise key in some non-trivial way (i.e. arythmetic expression). This will prevent script-kiddies and casual programmers from reading passwords. Just remember if some really want them, he will get them anyway.