Hello,
I'm sorry to repeat myself, but could anybody tell me how to store and
retrieve information in SecretBags of PKCS#12 files? I'm completely at a
loss in finding out the PKCS#12 API usage.
How can I store and retrieve information from/to SecretBags after
pkcs12_create()/pkcs12_parse()? I couldn't find appropriate medium-level
API to manipulate SecretBags despite the below statement in Changelog. I
would be grateful if you could give me the pointers to sample programs as
well.
Regards
MauMau
----- Original Message -----
From: "MauMau" <maumau...@gmail.com>
To: <openssl-users@openssl.org>
Sent: Wednesday, June 20, 2012 8:48 PM
Subject: How can I use OpenSSL to store symmetric encryption keys in PKCS#12
file?
Hello,
Please let me ask you for information and ideas about how to use OpenSSL
effectively to implement encryption for data storage.
I'm designing an encryption feature for a certain kind of data management
system. I want to implement the following features, which I think are
common to disk and database encryption.
[Characteristics of the target storage encryption]
1. Only a daemon program reads and writes data in data files on behalf of
users.
2. The daemon encrypts regular files on file systems (e.g. ext4 on Linux,
NTFS on Windows) using AES128-XTS or AES256-XTS when it writes out those
files. It decrypts data when it reads the data from files.
3. All files in a directory are encrypted with the same "data encryption
key." Individual directories have their own data encryption keys.
4. The data encryption keys are encrypted with a "master encryption key"
and stored in a file in the same directory where the target data files are
placed.
5. The data encryption keys and the master encryption key are randomly
generated.
6. The master encryption key is stored in a location that the administrator
specifies. Currently, I'm thinking of a regular file for ease of use. In
addition, I want to support HSM in the near future.
7. The administrator sometimes changes the master encryption key.
Re-keying operation retains the old master encryption keys in the same
file.
[Questions]
Q1:
I want to encrypt the master encryption key with an administrator-supplied
password. I'm considering storing the master encryption keys in SecretBag
entries of a PKCS#12 file, i.e. use one SecretBag per one master
encryption key.
How can I store and retrieve information from/to SecretBags after
pkcs12_create()/pkcs12_parse()? I couldn't find appropriate medium-level
API to manipulate SecretBags despite the below statement in Changelog. I
would be grateful if you could give me the pointers to sample programs as
well.
*) Add new 'medium level' PKCS#12 API. Certificates and keys
can be added using this API to created arbitrary PKCS#12
files while avoiding the low level API.
Q2:
By default, the administrator has to enter a password to decrypt the
master key file when he starts the daemon program. The daemon reads the
master key file, decrypts the master keys with the supplied password, and
loads the master keys in memory.
In addition, I want to allow the daemon to start without administrator
intervention. What way do you think is secure?
Disk encryption software such as FreeOTFE and TrueCrypt doesn't seem to
support an auto-start feature. The user needs to enter a password to mount
encrypted volumes.
However, Oracle Database supports this by the feature called "auto-login
wallet":
http://docs.oracle.com/cd/E11882_01/network.112/e10746/toc.htm
The relevant sections are:
3.2.1.2 Using Wallets with Automatic Login Enabled
3.3.1.2 Using an Auto Login Wallet
9.4.14 Using Auto Login
Oracle stores master keys in a PKCS#12 file called Oracle Wallet
(ewallet.p12). ewallet.p12 is encrypted with a user-supplied password.
If the administrator enables auto login, Oracle creates an obfuscated copy
of ewallet.p12 in the file cwallet.sso. When the cwallet.sso exists, the
database server starts and loads master keys without administrator
intervention. Furthermore, if the administrator enables "auto local
login", the cwallet.sso can only be used on the machine where it was
created. Therefore, attackers cannot use the master key file on their
machines.
How do you think this can be implemented with OpenSSL?
Q3:
Is there any good software keystore which I can use to store symmetric
master keys using C API? The only one I found is SoftHSM, which provides
PKCS#11 API. However, it seems that SoftHSM can only be used with
OpenDNSSEC, and cannot be used as a standalone keystore.
Home - SoftHSM - OpenDNSSEC
https://wiki.opendnssec.org/display/SoftHSM/Home
Sorry for my long mail. I appreciate any comments and suggestions.
Regards
MauMau