I'm looking for a secure way to store authentication keys in the database.
There are 2 accounts that need access to the information:
1. The interactive user that stores the info; each user of the system only has access to her/his keys.
2. A system user (batch process) needs to be able to access that data for all users.
Reply by Frank Meulblok:
I'd suggest storing them in encrypted format, using the ENCRYPT/DECRYPT function.
You'll probably want to do the encryption as the last step of the key generation. If/when/how you'll decrypt them depends on the rest of your application.
Hi Frank,
Thanks for the reply, I should have been clearer in my question.
I'm looking for a strategy to share the encryption key between a user and the batch process.
I think I could use asymmetric encryption. Is that available in the ABL?
Using asymmetric encryption, a user could encrypt his encryption key using the public key of the batch user.
The batch user would then decrypt the user's encryption key with his private key.
The ABL does not provide native asymmetric encryption.
Your method appears to allow any user with the batch user's public key (i.e. everyone) to overwrite any other user's key. It also prevents the user from recovering their own key value (because they do not have access to the batch user's private key). Perhaps I'm just missing the details.
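The scheme proposed above and the two objections raised in the last reply, as an added example that is not code from any poster in this thread. It is written in Python because, as noted, the ABL has no native asymmetric encryption; the toy textbook-RSA key, the `table` dictionary standing in for the database column, and all function and user names are constructed for illustration.

```python
import secrets

# Constructed toy RSA key for the batch user (textbook RSA, no padding).
# Illustration only: the primes are public Mersenne primes, not a usable key.
P, Q = 2**127 - 1, 2**107 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))    # batch user's private exponent

BATCH_PUBLIC = (N, E)                # handed to every interactive user
BATCH_PRIVATE = (N, D)               # held only by the batch process


def wrap(public, key: bytes) -> int:
    """Interactive user: encrypt a symmetric key with the batch public key."""
    n, e = public
    return pow(int.from_bytes(key, "big"), e, n)


def unwrap(private, blob: int, size: int = 16) -> bytes:
    """Batch process: recover the symmetric key with the private key."""
    n, d = private
    return pow(blob, d, n).to_bytes(size, "big")


def demo() -> dict:
    table = {}                       # user id -> wrapped key (hypothetical column)

    # Intended flow: alice stores her key, the batch process can read it.
    alice_key = secrets.token_bytes(16)
    table["alice"] = wrap(BATCH_PUBLIC, alice_key)
    batch_reads = unwrap(BATCH_PRIVATE, table["alice"]) == alice_key

    # Objection 2: alice holds only (N, E). Applying the public operation
    # to her own stored value does not give her key back.
    alice_recovers = pow(table["alice"], E, N) == int.from_bytes(alice_key, "big")

    # Objection 1: wrapping needs nothing but the public key, so a value
    # written by bob into alice's row is just as valid to the batch process.
    bob_key = secrets.token_bytes(16)
    table["alice"] = wrap(BATCH_PUBLIC, bob_key)
    overwrite_ok = unwrap(BATCH_PRIVATE, table["alice"]) == bob_key

    return {"batch_reads_alice_key": batch_reads,
            "alice_recovers_own_key": alice_recovers,
            "batch_accepts_overwrite": overwrite_ok}


if __name__ == "__main__":
    print(demo())
```

Public-key encryption alone says nothing about who wrote a value, so any rule about which user may write which row has to be enforced separately from the encryption.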