I'm designing an app that receives sensitive data input from a user, and that data needs to be saved securely in a database. As far as I understand, it needs asymmetric encryption, but since this app has a login to authenticate, I need this previously saved data to be read again by the user without serious security problems, and I need the keys not to be saved locally. I don't know how to do it because it's my first project that requires these specifications. I was thinking of creating a strong authentication, perhaps using an OTP.

  • Welcome to the community. I think using a decent cloud provider's key vault or whatever it's called service is what you're looking for. I apparently cannot specifically name the service names... Commented Feb 27, 2023 at 17:37
  • "As far as I understand it needs asymmetric encryption" why do you think that's the case? Commented Feb 27, 2023 at 18:42
  • Idk, I need the most secure way to store this sensitive data; maybe asymmetrical encryption is right. I have another question: is it possible to do reverse engineering and catch the database's credentials using the function mysql.connector.connect()? Commented Feb 28, 2023 at 11:54
  • The reason for using asymmetric encryption is so you can hold the public keys (the means to encrypt) on the internet-facing server, without holding the private keys (the means to decrypt). However, this implies a one-way op; if you need the user to be able to view and revise prior input, then you need the private and public (or shared, symmetric) keys at some point during processing. This depends entirely on your app requirements. If your db creds are on the compromised server then you don't need to rev-engineer anything, simply read creds from the same source as the authorised software. Commented Mar 13, 2023 at 10:09
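
The trade-off described in the last comment, as an added example that is not part of the original thread: option A is the one-way asymmetric case, option B lets the user read data back with a symmetric key. It assumes the Python `cryptography` package; the function names are hypothetical, and deriving the key from the login password with scrypt is an assumed way to have the key available during processing without storing it.

```python
# Added illustration; function names and sample values are constructed.
import os
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.hazmat.primitives.ciphers.aead import AESGCM
from cryptography.hazmat.primitives.kdf.scrypt import Scrypt

OAEP = padding.OAEP(mgf=padding.MGF1(hashes.SHA256()),
                    algorithm=hashes.SHA256(), label=None)

def new_keypair():
    # The private key is generated and kept away from the web server.
    return rsa.generate_private_key(public_exponent=65537, key_size=2048)

# Option A: one-way. The web server holds only the public key.
def server_encrypt(public_key, plaintext: bytes) -> bytes:
    # RSA-OAEP fits short fields only (190 bytes with a 2048-bit key).
    return public_key.encrypt(plaintext, OAEP)

def offline_decrypt(private_key, blob: bytes) -> bytes:
    return private_key.decrypt(blob, OAEP)

# Option B: the user reads data back. Assumption: the key is derived from
# the login password on each request and is never written to disk.
def derive_key(password: str, salt: bytes) -> bytes:
    return Scrypt(salt=salt, length=32, n=2**14, r=8, p=1).derive(password.encode())

def encrypt_for_user(password: str, user_id: str, plaintext: bytes) -> dict:
    salt, nonce = os.urandom(16), os.urandom(12)
    # user_id is bound as associated data so a row cannot be moved between users.
    ct = AESGCM(derive_key(password, salt)).encrypt(nonce, plaintext, user_id.encode())
    return {"salt": salt, "nonce": nonce, "ct": ct}  # safe to store in the DB

def decrypt_for_user(password: str, user_id: str, row: dict) -> bytes:
    key = derive_key(password, row["salt"])
    # Raises cryptography.exceptions.InvalidTag on a wrong password or edited row.
    return AESGCM(key).decrypt(row["nonce"], row["ct"], user_id.encode())

if __name__ == "__main__":
    priv = new_keypair()
    blob = server_encrypt(priv.public_key(), b"constructed sample value")
    print(offline_decrypt(priv, blob))
    row = encrypt_for_user("constructed-passphrase", "user-1", b"constructed sample value")
    print(decrypt_for_user("constructed-passphrase", "user-1", row))
```

In option B the derived key still exists in server memory while a request is processed, and a forgotten password makes the stored rows unrecoverable.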
