How do I store the key for encrypted databases or files

A thread by QuickAndDirty · started on 30 Aug 2023 · last post on 6 Sep 2023
Kas Ob.

Registered since: 3 Sep 2023
351 posts

#21

Re: How do I store the key for encrypted databases or files

3 Sep 2023, 12:07
Hi,

CryptProtectData and its companion API are good, as they encrypt and store the encrypted data on a local machine, but they come with a few cons: the ability to decrypt from within the system, by either an application running with the same user or any application running on any user; all you need is to extract the entropy from the application.
USB and TPM are also not that viable for portability.
Better than the above is using LDAP, but again this has its own cons.

I solved this in two ways over the years and hope you find them useful:

1) My data bank server will load (grab) the key from another, different location over the wire (internet or local network); the connection is secure. That server is also a Windows service that detects any login of a Windows user and deletes the key from memory, meaning it stops the server operation until no more users are logged on to the system, then grabs the key again. In fact I use it a little differently: on detecting a connection, the server encrypts all the high-value and critical data in memory to make sure, then proceeds to march them to the controller; if it fails to march them, it will dump them encrypted on the disk with an already supplied key from the controller and will not be able to decrypt them without an admin interaction on the controller side.

2) For easier deployment, also when many instances will be used, I use WinLicense https://www.oreans.com/WinLicense.php https://www.oreans.com/help/wl/
It has its own highly protected storage that supports custom data in the licensing key https://www.oreans.com/help/wl/hm_cu...-in-licens.htm
It can also lock the license key to hardware, and this will make things way easier by deploying and then applying licenses that have hidden encryption keys.
Kas

Kas Ob.

Registered since: 3 Sep 2023
351 posts

#22

Re: How do I store the key for encrypted databases or files

5 Sep 2023, 14:57
Sorry for the screenshot, but for now this is what I can post, and I hope you find it useful


Hi,

CryptProtectData and its companion API are good, as they encrypt and store the encrypted data on a local machine, but they come with a few cons: the ability to decrypt from within the system, by either an application running with the same user or any application running on any user; all you need is to extract the entropy from the application.
USB and TPM are also not that viable for portability.
Better than the above is using LDAP, but again this has its own cons.

I solved this in two ways over the years and hope you find them useful:

1) My data bank server will load (grab) the key from another, different location over the wire (internet or local network); the connection is secure. That server is also a Windows service that detects any login of a Windows user and deletes the key from memory, meaning it stops the server operation until no more users are logged on to the system, then grabs the key again. In fact I use it a little differently: on detecting a connection, the server encrypts all the high-value and critical data in memory to make sure, then proceeds to march them to the controller; if it fails to march them, it will dump them encrypted on the disk with an already supplied key from the controller and will not be able to decrypt them without an admin interaction on the controller side.

2) For easier deployment, also when many instances will be used, I use WinLicense from "oreans.com"
(I posted this yesterday a few times and there was some redirection of the page notifying that my post should be approved by an administrator, so I am re-posting without links in case that is the problem)
It has its own highly protected storage that supports custom data in the licensing key; custom data in this case can be your encryption key
oreans com -> support -> online help WinLicense -> Licensing with WinLicense -> Customizing features in licenses

Quote:
WinLicense offers a more flexible approach and allows you to insert a buffer (ASCII or UNICODE) of up to 6400 bytes when generating the license (in the Custom Data field). You can put any information that you want and you can check it in runtime by calling the function WLRegGetLicenseInfo. There are not restrictions about the format of the Custom Data information that you insert. The information that you set in the Custom Data when creating the license, it's the one that it's returned by the WLRegGetLicenseInfo function.
It can also lock the license key to hardware, and this will make things easier by deploying and then applying licenses that have hidden encryption keys to a specific station, which can't be used on other devices.
Kas
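
Posts #21 and #22 note that CryptProtectData output can be decrypted by any application running as the same user once the entropy is known. An added Delphi example of that scope, not code from the thread: the key and entropy strings are constructed, the ToBlob and Dpapi helpers are hypothetical names, and the two crypt32.dll functions are declared locally.

```delphi
program DpapiScopeDemo;
{$APPTYPE CONSOLE}
// Added example, not code from the thread; key and entropy values are constructed.
uses Winapi.Windows, System.SysUtils;
type
  TDataBlob = record cbData: DWORD; pbData: PByte; end;
  PDataBlob = ^TDataBlob;
// DPAPI entry points, declared locally so no extra import unit is assumed.
function CryptProtectData(pIn: PDataBlob; szDescr: PWideChar; pEntropy: PDataBlob;
  pReserved, pPrompt: Pointer; dwFlags: DWORD; pOut: PDataBlob): BOOL;
  stdcall; external 'crypt32.dll';
function CryptUnprotectData(pIn: PDataBlob; ppDescr: Pointer; pEntropy: PDataBlob;
  pReserved, pPrompt: Pointer; dwFlags: DWORD; pOut: PDataBlob): BOOL;
  stdcall; external 'crypt32.dll';

function ToBlob(const B: TBytes): TDataBlob;
begin
  Result.cbData := Length(B);
  Result.pbData := Pointer(B);
end;

// Hypothetical helper: Seal = True wraps Input for the current user, False unwraps.
function Dpapi(Seal: Boolean; const Input, Entropy: TBytes; out Output: TBytes): Boolean;
var
  InBlob, EntBlob, OutBlob: TDataBlob;
begin
  InBlob := ToBlob(Input);
  EntBlob := ToBlob(Entropy);
  // dwFlags = 0 keeps per-user scope; CRYPTPROTECT_LOCAL_MACHINE ($4) would let
  // every account on the machine unwrap the blob.
  if Seal then
    Result := CryptProtectData(@InBlob, nil, @EntBlob, nil, nil, 0, @OutBlob)
  else
    Result := CryptUnprotectData(@InBlob, nil, @EntBlob, nil, nil, 0, @OutBlob);
  if not Result then Exit;
  SetLength(Output, OutBlob.cbData);
  Move(OutBlob.pbData^, Output[0], OutBlob.cbData);
  LocalFree(HLOCAL(OutBlob.pbData));  // DPAPI allocates the output buffer
end;

var Key, Entropy, Wrong, Sealed, Plain: TBytes;
begin
  Key := TEncoding.UTF8.GetBytes('constructed-db-key');
  Entropy := TEncoding.UTF8.GetBytes('entropy-compiled-into-the-app');
  Wrong := TEncoding.UTF8.GetBytes('some-other-value');
  if not Dpapi(True, Key, Entropy, Sealed) then RaiseLastOSError;
  Writeln('same user, right entropy: ', Dpapi(False, Sealed, Entropy, Plain));
  Writeln('same user, wrong entropy: ', Dpapi(False, Sealed, Wrong, Plain));
end.
```

The unwrap call never asks which executable is calling, so under the same Windows account the entropy value is the only thing separating one application's sealed key from another process.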

Kas Ob.

Registered since: 3 Sep 2023
351 posts

#23

Re: How do I store the key for encrypted databases or files

5 Sep 2023, 14:57
It did go through!! Maybe the "Hi" thingy.
Kas

himitsu

Registered since: 11 Oct 2003
Location: Elbflorenz
44,071 posts

Delphi 12 Athens

#24

Re: How do I store the key for encrypted databases or files

5 Sep 2023, 15:49
Quote:
cons

I want to move access to the foreign cloud from the client applications to our server application.
This service is currently still running as a system user for too many customers, but in the future it will be a separate user account.

Either way, from the client computers, as well as as a "simple user" on the server, you wouldn't normally have access to the user account used by the service.


Currently, the client mostly still uses a database connection with SuperUser authorization, so that it would theoretically be easy to get the password that is stored in the database.
And the password has to be decryptable in order to use it for login; I can't hash it.
Unfortunately, the API does not offer the possibility of a restricted API key for the connection.

In addition, the RESTful service runs into a timeout every 30 minutes, so that so far, after at least 30 minutes, the user + password goes, almost unencrypted, from the client to the Internet, which in future will only happen from the more protected server, to which normal users will have less access.
Latest insight:
Since Pos got a third parameter,
PoSex is practiced much less often in Delphi.

QuickAndDirty

Registered since: 13 Jan 2004
Location: Hamm(Westf)
1,930 posts

Delphi 12 Athens

#25

Re: How do I store the key for encrypted databases or files

6 Sep 2023, 10:16
Quote:
It did go through!! Maybe the "Hi" thingy.

HI
Thanks for your suggestion. This sounds like a very sophisticated system you have.
Also double thanks for taking the effort to read/translate all those German posts, just to provide me with help.
Andreas
Monads? Wtf are Monads?

Kas Ob.

Registered since: 3 Sep 2023
351 posts

#26

Re: How do I store the key for encrypted databases or files

6 Sep 2023, 14:27
Quote:
It did go through!! Maybe the "Hi" thingy.
HI
Thanks for your suggestion. This sounds like a very sophisticated system you have.
Also double thanks for taking the effort to read/translate all those German posts, just to provide me with help.

You are welcome! Though the thanks for the translations go to glo-glo
Kas

All times are WET +1.