Solution Selection for Sensitive Content Storing
In “Managed Service for Alibaba Cloud” service project, we have some sensitive data such as secret key, vm password and so on stored in database. To avoid store plain text, we need a solution to encrypt and decrypt sensitive data.
Solutions
Keystore
Systems that provide ability to store sensitive key/token/password. Encryption and decryption will handled by the system.
IDM
Valut
Need to involve a new system and maintain it.
Encoding
Reversible character encoding algorithms. Same algorithm will be used for encryption and decryption.
- HEX, BASE64 (BASE##), UTF8 and etc.
- compaction algorithm such as Huffman Coding, ZIP (Deflate) , JPEG, MPEG and etc.
- etc
Easy to be decode.
Abstract algorithm
Irreversible algorithm. Not appropriate for us.
- MD5
- SHA-1, SHA-256
- MAC
- etc.
Symmetric encryption
Reversible algorithm. Plaint text (data) is encrypted or decrpyted with given private key (shared secret) with same algorithm. https://en.wikipedia.org/wiki/Symmetric-key_algorithm
- DES
- AES
- RC
- etc.
Need to share the private key.
Asymmetric encryption
Reversible algorithm. Plaint text (data) is encrypted with public key. The encrypted data is decrypted only with private key. The public key can be openly distributed without compromising security. Encryption and decryption in different way. https://en.wikipedia.org/wiki/Public-key_cryptography
- RSA
- DSA
- ECC
- etc.
Anaysis
- Keystore - One more system means one more point need to care the load, failure and so on. Need to communicate between severs even to set/get a property of resource (such as vm property password).
- Vault - Described in this post
- Encoding - Too weak. Easy to be decode.
- Abstract algorithm - Irreversible. Not appropriate.
- Symmetric encryption - Good choice. Need to store the key in separate place. Good solution for encryption and decryption in same system. (e.g. AES)
- Asymmetric encryption - Good choice. Need to maintain 2 keys and store in separate places. It’s not necessary because we have the encryption & decryption in same application. Good solution for separate encryption and decryption. (e.g. RSA) For RSA, plain text can not be longer than the key.
| Maturity | Security | Speed | Load | Comment | |
|---|---|---|---|---|---|
| DES | High | Low | Medium High | Medium | |
| AES | High | High | High | Low | Replacement of DES |
| RSA | High | High | Low | High | plaint text can not longger than key |
| DSA | High | High | Low | Only for digital signature. | |
| ECC | Low | High | High | Low |
Above all, we better choose Symmetric encryption AES. And AES is faster and lower load compares to RSA.
Resolution
The database server and application server are behind the firewall. And they are in private network. This ensures the architecture level security.
Key
Stores in OSS or shared NFS with authorization. Read when application started (only in memory).
Customer Alicloud key & secret
Encrypt it before saving. Decrypt it after loading.
Virtual Instance password in parameter
Encrypt it before saving. Decrypt it after loading.
— END —