kyledrake/5148363
Created March 13, 2013 00:21
Idea for storing an SSN (or CC#, or anything confidential) on a database, preventing an attacker from looking at it by hiding the private key on an offline machine using rbnacl.
```ruby
require 'rbnacl'

# Idea for storing an SSN (or CC#, or anything confidential) on a database, preventing an attacker from looking at it by hiding the private key on an offline machine.

# Private key would be generated somewhere other than the web application.
private_key = Crypto::PrivateKey.generate

# Given to a web application:
public_key = private_key.public_key

crypto_box = Crypto::Box.new public_key, private_key # <- how do I not require the private key here? is it needed to encrypt?
nonce = Crypto::Random.random_bytes(24)
message = 'SSN, CC# go here'
cipher_ssn = crypto_box.box(nonce, message)

# nonce and cipher_ssn get stored to database. Attacker cannot view the SSN because the private key would not be available to the web application.

# meanwhile, somewhere else in the universe..
crypto_box = Crypto::Box.new(public_key, private_key)
puts crypto_box.open(nonce, cipher_ssn)
```
What you can do is something like what follows. Note that this throws away the mutual auth properties of the box construction, so we can no longer be sure it came from the web application, as anyone could do this. This can be mitigated by adding in a second keypair for signing messages (though any compromise of the server likely reveals the signing key, so it's not a perfect solution).
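
An added example (not code from the gist or from the comment) of one way to get the property the comment describes: the web application holds only the offline machine's public key, encrypts each record under a fresh throwaway keypair, and so cannot decrypt what it stored, while the sender is unauthenticated. It assumes Ruby's bundled OpenSSL (ECDH on P-256, HKDF, AES-256-GCM) in place of rbnacl; `seal`, `unseal`, `derive_key` and the record layout are hypothetical names.

```ruby
require 'openssl'

CURVE = 'prime256v1' # assumption: NIST P-256 stands in for NaCl's Curve25519

# Derive the AES key from the ECDH secret, bound to both public keys.
def derive_key(shared, eph_pub, recipient_pub)
  OpenSSL::KDF.hkdf(shared, salt: 'sealed-record-v1', info: eph_pub + recipient_pub,
                            length: 32, hash: 'SHA256')
end

# Web application side: needs only the recipient's public key bytes.
def seal(recipient_pub, plaintext)
  group = OpenSSL::PKey::EC::Group.new(CURVE)
  eph = OpenSSL::PKey::EC.generate(CURVE) # throwaway sender key, never stored
  eph_pub = eph.public_key.to_octet_string(:uncompressed)
  peer = OpenSSL::PKey::EC::Point.new(group, recipient_pub)
  cipher = OpenSSL::Cipher.new('aes-256-gcm').encrypt
  cipher.key = derive_key(eph.dh_compute_key(peer), eph_pub, recipient_pub)
  nonce = cipher.random_iv
  cipher.auth_data = eph_pub
  ciphertext = cipher.update(plaintext) + cipher.final
  { eph_pub: eph_pub, nonce: nonce, ciphertext: ciphertext, tag: cipher.auth_tag }
end

# Offline machine side: the only place the private key exists.
def unseal(private_key, record)
  peer = OpenSSL::PKey::EC::Point.new(private_key.group, record[:eph_pub])
  own_pub = private_key.public_key.to_octet_string(:uncompressed)
  cipher = OpenSSL::Cipher.new('aes-256-gcm').decrypt
  cipher.key = derive_key(private_key.dh_compute_key(peer), record[:eph_pub], own_pub)
  cipher.iv = record[:nonce]
  cipher.auth_tag = record[:tag]
  cipher.auth_data = record[:eph_pub]
  cipher.update(record[:ciphertext]) + cipher.final # raises CipherError if tampered
end

# Constructed round trip: key generated offline, public half handed to the web app.
def demo
  offline_key = OpenSSL::PKey::EC.generate(CURVE)
  web_app_pub = offline_key.public_key.to_octet_string(:uncompressed)
  record = seal(web_app_pub, 'SSN, CC# go here') # these four fields go to the database
  unseal(offline_key, record)
end

puts demo if __FILE__ == $PROGRAM_NAME
```

Where libsodium is available, its sealed-box construction (`crypto_box_seal`) provides the same anonymous-sender encryption in one call.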