I’m trying to implement file encryption within my project, but I’m wondering as to best practices for key storage.
Our application is deployed to various client groups. Each group consists of multiple geographical sites, each in turn consisting of multiple users. Users create files which are then synchronised with other sites via a central synchronisation server. These files must be encrypted at point-of-save, and only be decrypted when loaded at a client site.
As such, any symmetric key needs to be unique at group-level, and be stored securely at each site.
We’re using AES but the key is currently hard-coded and stored within the application, so is both easily accessible via decompilation and the same for all clients, which is worrying me considerably. It seems pretty trivial to hack this kind of setup once you have access to our application.
So, how would one go about ensuring generation of a unique key for each group, and then securely storing that key at each site?
The only really secure way of keeping a single symmetric key is making them enter a passphrase/password and generating a key from that. That way your application doesn’t know the key without user input.
Either that or supplying the key in some individual file that they would need to give to the application (via interface, registry or simply placing it at appropriate path) in order for encryption to work.
In the end, security always comes down to the users.
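A sketch of the passphrase approach from the answer above, added here as an example and not code from either poster: each group gets a random salt, the AES-256 key is derived from the group's passphrase with PBKDF2, and each site stores only the salt, the iteration count and a check value, never the key. The function names, record layout and iteration count are assumptions made for illustration.

```python
import hashlib, hmac, json, secrets

ITERATIONS = 600_000  # assumed PBKDF2-HMAC-SHA256 work factor; tune for your hardware

def _keys(passphrase: str, salt: bytes, iterations: int):
    """Stretch the passphrase, then split into two independent 32-byte values."""
    master = hashlib.pbkdf2_hmac("sha256", passphrase.encode("utf-8"), salt, iterations)
    file_key = hmac.new(master, b"file-encryption", hashlib.sha256).digest()
    check = hmac.new(master, b"passphrase-check", hashlib.sha256).hexdigest()
    return file_key, check

def create_group_record(group_id: str, passphrase: str) -> str:
    """Run once per group; the returned JSON is what each site stores on disk."""
    salt = secrets.token_bytes(16)  # random per group, so groups never share a key
    _, check = _keys(passphrase, salt, ITERATIONS)
    return json.dumps({"group": group_id, "salt": salt.hex(),
                       "iterations": ITERATIONS, "check": check})

def unlock_group_key(record: str, passphrase: str) -> bytes:
    """Re-derive the AES-256 key at a site; reject a wrong passphrase."""
    rec = json.loads(record)
    file_key, check = _keys(passphrase, bytes.fromhex(rec["salt"]), rec["iterations"])
    if not hmac.compare_digest(check, rec["check"]):
        raise ValueError("wrong passphrase for group " + rec["group"])
    return file_key  # keep in memory only; never write it to disk

if __name__ == "__main__":
    # Constructed sample values, for demonstration only.
    record = create_group_record("group-a", "constructed sample passphrase")
    key = unlock_group_key(record, "constructed sample passphrase")
    print(len(key), "byte key derived; stored record:", record)
```

The stored record lets an attacker test passphrase guesses offline, so the strength of the scheme rests on the passphrase and the work factor.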