I’m trying to create application-layer encryption for user data in my database, using a password derivation function. But there is a problem: there must be an admin user who can access all users’ encryption keys, for password reset functionality and some other things. I don’t like the fact that all encryption system security can be broken with just one admin password. I’ve asked for advice here: How can I improve the application administrator’s encryption keys security inside database
I was advised to compile an admin encryption key not from a password but from another source (admin computer system information, for example), so it can’t be brute-forced, and then pass it to the database server.
It is a good approach; however, this complicates admin mobility and system recovery in the event of key loss, and these requirements are mandatory to accomplish.
So, I came up with this idea:
- Give my admin a PKI certificate (RSA 2048 bit for example)
- Get some static string (“password” for example)
- Make a digital signature out of this static string using the certificate’s private key
- Send this digital signature to the database server, and use it there as an encryption key.
At first glance, I don’t see any great flaws with this approach, but I couldn’t find that someone has done anything similar before, so I want to ask you to help me to validate my vision.
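The four steps of the question, as an added example that is not part of the original post: it signs the static string with RSASSA-PKCS1-v1_5 (whose padding is fixed, so the same key and string always give the same signature) and runs the signature through HKDF to get a 32-byte key. The demo RSA key built from two Mersenne primes, the `admin-db-key` label, and all function names are assumptions made for illustration; the demo key is constructed so the block runs offline and is not secure.

```python
import hashlib
import hmac

# Constructed demo key, NOT secure: two Mersenne primes stand in for the
# admin's real RSA 2048 private key so the example runs offline.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8  # modulus length in bytes

# DER DigestInfo prefix for SHA-256 (RFC 8017, section 9.2).
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")


def _encode(message: bytes) -> bytes:
    """EMSA-PKCS1-v1_5 encoding: fixed padding, no randomness."""
    t = SHA256_PREFIX + hashlib.sha256(message).digest()
    return b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t


def pkcs1_v15_sign(message: bytes) -> bytes:
    """Step 3: sign the static string with the private exponent."""
    em = int.from_bytes(_encode(message), "big")
    return pow(em, D, N).to_bytes(K, "big")


def pkcs1_v15_verify(message: bytes, signature: bytes) -> bool:
    """Anyone holding the certificate (public key) can run this check."""
    recovered = pow(int.from_bytes(signature, "big"), E, N).to_bytes(K, "big")
    return hmac.compare_digest(recovered, _encode(message))


def hkdf_sha256(ikm: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF (RFC 5869) with an all-zero salt: signature -> fixed-size key."""
    prk = hmac.new(b"\x00" * 32, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def admin_key(static_string: bytes) -> bytes:
    """Step 4: the value the server would use as the encryption key."""
    return hkdf_sha256(pkcs1_v15_sign(static_string), b"admin-db-key")
```

The reproducibility shown here depends on the signature scheme: a randomized scheme such as RSA-PSS with a random salt produces a different signature on every call, so the derived key would not be stable.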