CodeIgniter Forums

Full Version: Obfuscating encryption_key
I am currently writing a web app where much of the data stored in the database will be encrypted using the CI encryption library.

The obvious single point of failure here is the encryption key which is stored in plain text in the config file and so I'm trying to think of ways to either obfuscate this or at least make it harder to recover in the event that the server is compromised.

The best solution that I have so far come up with is to store the encryption_key in a file external to the server on Amazon AWS and restrict access to this file to the IP of the web app server. I would probably base64 encode this too.

As I see it this would protect the sensitive data in the case that the server is compromised as, assuming the breach was momentary, if the external file containing the base64 encoded encryption_key was not downloaded then the data would be safe.

I'm not particularly strong on encryption and data security and was wondering if anyone could suggest improvements to this system, or an alternative method. I appreciate that I'm not going to be able to achieve absolute data security; I'm just trying to make things as hard as possible in the event of a full server breach.

Thanks,

John
If the server is compromised to the point where they can read the plain text in a config file then they are probably able to have their way with the code that retrieves the key from a secondary, external server. I don't mean to say storing the key on a different machine is a bad idea, only that it's not enough.

This article will give you some useful thoughts on the matter. And this article has a reasonable examination of key management along with additional information resources.
I'd take a look at AWS Key management store. They can rotate keys for you in environment variables which are securely passed in via the AWS SDK.
Forgot to turn on notifications and only just spotted these replies!

AWS key rotation is something I was considering. I need to put some thought into how I will re-encrypt everything in the database when the key changes if I did go down this path.

Also thanks dave friend for the links, a lot of food for thought in them.

I find encryption/security quite a tricky area to make good decisions on what is the most appropriate strategy for a particular site.

For the site in question, it is IP restricted, has 2FA implemented, MariaDB Data-at-rest encryption as well as the sensitive data encrypted in the database. Probably the weakest link now is if an attacker gained entry via cPanel.
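
One way to approach the re-encryption question raised in the last post, as an added example that is not part of the thread: tag every stored value with the id of the key that encrypted it, so old rows stay readable and can be migrated one at a time after a rotation. It uses PHP's libsodium functions rather than the CI encryption library; the key ids, the `id:base64` storage format and all function names are assumptions.

```php
<?php
// Added example: versioned ciphertexts so a key can be rotated row by row.
const NONCE_LEN = SODIUM_CRYPTO_AEAD_XCHACHA20POLY1305_IETF_NPUBBYTES;
const TAG_LEN   = SODIUM_CRYPTO_AEAD_XCHACHA20POLY1305_IETF_ABYTES;

function encrypt_field(string $plain, array $keyring, string $currentId): string
{
    $nonce = random_bytes(NONCE_LEN);
    // The key id is authenticated as associated data, so it cannot be swapped.
    $ct = sodium_crypto_aead_xchacha20poly1305_ietf_encrypt(
        $plain, $currentId, $nonce, $keyring[$currentId]);
    return $currentId . ':' . base64_encode($nonce . $ct);
}

function decrypt_field(string $stored, array $keyring): string
{
    [$id, $b64] = array_pad(explode(':', $stored, 2), 2, '');
    $raw = base64_decode($b64, true);
    if (!isset($keyring[$id]) || $raw === false || strlen($raw) < NONCE_LEN + TAG_LEN) {
        throw new RuntimeException('unknown key id or malformed value');
    }
    $plain = sodium_crypto_aead_xchacha20poly1305_ietf_decrypt(
        substr($raw, NONCE_LEN), $id, substr($raw, 0, NONCE_LEN), $keyring[$id]);
    if ($plain === false) {
        throw new RuntimeException('authentication failed');
    }
    return $plain;
}

// Re-encrypt one stored value only if it is not already under the current key.
function rotate_field(string $stored, array $keyring, string $currentId): string
{
    if (strncmp($stored, $currentId . ':', strlen($currentId) + 1) === 0) {
        return $stored;
    }
    return encrypt_field(decrypt_field($stored, $keyring), $keyring, $currentId);
}

// Constructed demo: keys are generated here; in a deployment they would be
// loaded from the external key store at start-up, not from the config file.
$keyring = ['k1' => sodium_crypto_aead_xchacha20poly1305_ietf_keygen()];
$rows = [encrypt_field('constructed sample value', $keyring, 'k1')];

$keyring['k2'] = sodium_crypto_aead_xchacha20poly1305_ietf_keygen(); // new key issued
foreach ($rows as $i => $row) {
    $rows[$i] = rotate_field($row, $keyring, 'k2'); // batch job, resumable per row
}
echo substr($rows[0], 0, 3), ' ', decrypt_field($rows[0], $keyring), PHP_EOL;
```

Once every row carries the new id, the old key can be dropped from the keyring and revoked in the key store.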