Monday, 23 March 2015

Safely encrypting data received through HTTPS



I am receiving sensitive data over an HTTPS connection and need to store this on disk, encrypted so no one can tamper with it, but for reading later on. Each user in the system has a password. What is the best way to go about this?


1) Topics like this, this and this suggest using a password and something like PBKDF2 to generate a key, which can be used to encrypt the key that encrypts the data. Am I right in understanding this?


2) If so, should the key that encrypts the data also be derived from the user password? To me this sounds shady, to say the least.


3) Is it possible to hijack after the binary has received an HTTPS response, but before it is being encrypted? If so, would it be better to encrypt on the server? In what way would this change the protocol?
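
The scheme described in points 1 and 2, shown as an added example that is not part of the original post: a random data key (DEK) encrypts the data with an authenticated cipher, and a PBKDF2-derived key (KEK) only wraps that DEK, so a password change re-wraps 32 bytes instead of re-encrypting the data. The function names, record layout, AAD labels and iteration count are assumptions made for this sketch, which uses only Node.js built-in `crypto`.

```javascript
// Added example: password-based envelope encryption (hypothetical names and record layout).
const crypto = require("node:crypto");

const PBKDF2_ITERATIONS = 600000; // assumed work factor; tune for your hardware

// AES-256-GCM encrypt; output layout is iv (12) || tag (16) || ciphertext.
function seal(key, plaintext, label) {
  const iv = crypto.randomBytes(12); // fresh nonce for every encryption
  const c = crypto.createCipheriv("aes-256-gcm", key, iv);
  c.setAAD(Buffer.from(label)); // binds the blob to its role ("dek" or "data")
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return Buffer.concat([iv, c.getAuthTag(), ct]);
}

// AES-256-GCM decrypt; final() throws if key, label or any byte of the blob is wrong.
function unseal(key, blob, label) {
  const d = crypto.createDecipheriv("aes-256-gcm", key, blob.subarray(0, 12));
  d.setAAD(Buffer.from(label));
  d.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([d.update(blob.subarray(28)), d.final()]);
}

function deriveKek(password, salt) {
  return crypto.pbkdf2Sync(password, salt, PBKDF2_ITERATIONS, 32, "sha256");
}

// Encrypt under a random DEK, then wrap the DEK under the password-derived KEK.
function encryptForUser(password, plaintext) {
  const salt = crypto.randomBytes(16);
  const dek = crypto.randomBytes(32); // random, NOT derived from the password
  return {
    salt,
    wrappedDek: seal(deriveKek(password, salt), dek, "dek"),
    data: seal(dek, Buffer.from(plaintext), "data"),
  };
}

function decryptForUser(password, record) {
  const dek = unseal(deriveKek(password, record.salt), record.wrappedDek, "dek");
  return unseal(dek, record.data, "data").toString();
}

// Password change: only the wrapped DEK and salt change; the data blob is reused as-is.
function changePassword(oldPassword, newPassword, record) {
  const dek = unseal(deriveKek(oldPassword, record.salt), record.wrappedDek, "dek");
  const salt = crypto.randomBytes(16);
  return { salt, wrappedDek: seal(deriveKek(newPassword, salt), dek, "dek"), data: record.data };
}
```
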




