Hello,
Please let me ask you for information and ideas about how to use OpenSSL
effectively to implement encryption for data storage.
I'm designing an encryption feature for a certain kind of data management
system. I want to implement the following features, which I think are
common to disk and database encryption.
[Characteristics of the target storage encryption]
1. Only a daemon program reads and writes data in data files on behalf of
users.
2. The daemon encrypts regular files on file systems (e.g. ext4 on Linux,
NTFS on Windows) using AES128-XTS or AES256-XTS when it writes out those
files. It decrypts data when it reads the data from files.
3. All files in a directory are encrypted with the same "data encryption
key." Individual directories have their own data encryption keys.
4. The data encryption keys are encrypted with a "master encryption key" and
stored in a file in the same directory where the target data files are
placed.
5. The data encryption keys and the master encryption key are randomly
generated.
6. The master encryption key is stored in a location that the administrator
specifies. Currently, I'm thinking of a regular file for ease of use. In
addition, I want to support HSM in the near future.
7. The administrator sometimes changes the master encryption key. The re-keying
operation retains the old master encryption keys in the same file.
[Questions]
Q1:
I want to encrypt the master encryption key with an administrator-supplied
password. I'm considering storing the master encryption keys in SecretBag
entries of a PKCS#12 file, i.e. use one SecretBag per one master encryption
key.
How can I store and retrieve information from/to SecretBags after
pkcs12_create()/pkcs12_parse()? I couldn't find an appropriate medium-level
API to manipulate SecretBags despite the statement below in the Changelog. I
would be grateful if you could give me the pointers to sample programs as
well.
*) Add new 'medium level' PKCS#12 API. Certificates and keys
can be added using this API to created arbitrary PKCS#12
files while avoiding the low level API.
Q2:
By default, the administrator has to enter a password to decrypt the master
key file when he starts the daemon program. The daemon reads the master key
file, decrypts the master keys with the supplied password, and loads the
master keys in memory.
In addition, I want to allow the daemon to start without administrator
intervention. What way do you think is secure?
Disk encryption software such as FreeOTFE and TrueCrypt doesn't seem to
support an auto-start feature. The user needs to enter a password to mount
encrypted volumes.
However, Oracle Database supports this by the feature called "auto-login
wallet":
http://docs.oracle.com/cd/E11882_01/network.112/e10746/toc.htm
The relevant sections are:
3.2.1.2 Using Wallets with Automatic Login Enabled
3.3.1.2 Using an Auto Login Wallet
9.4.14 Using Auto Login
Oracle stores master keys in a PKCS#12 file called Oracle Wallet
(ewallet.p12). ewallet.p12 is encrypted with a user-supplied password. If
the administrator enables auto login, Oracle creates an obfuscated copy of
ewallet.p12 in the file cwallet.sso. When the cwallet.sso exists, the
database server starts and loads master keys without administrator
intervention. Furthermore, if the administrator enables "auto local login",
the cwallet.sso can only be used on the machine where it was created.
Therefore, attackers cannot use the master key file on their machines.
How do you think this can be implemented with OpenSSL?
Q3:
Is there any good software keystore which I can use to store symmetric
master keys using C API? The only one I found is SoftHSM, which provides
PKCS#11 API. However, it seems that SoftHSM can only be used with
OpenDNSSEC, and cannot be used as a standalone keystore.
Home - SoftHSM - OpenDNSSEC
https://wiki.opendnssec.org/display/SoftHSM/Home
Sorry for my long mail. I appreciate any comments and suggestions.
Regards
MauMau
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org