2

Say I have symmetric key which I want to store securely. One way is I will store this key on file system encrypted using user password.

Then user at windows startup will enter password which will be stored in RAM. The key will be encrypted/ decrypted using this password when needed. Hence, on the file system the key always remains encrypted using user's password.

The idea is it should not be trivial to retrieve password from RAM. So this way at least I have in "some" way protected my key right?

Now my problem is if the computer (Windows) reboots, there will be none to enter the password.

What can I do in such situation? What options I have to store key in such situation securely? e.g. so that computer reboots are possible

  • Is this for a server or desktop app? From who are you trying to protect the key? – Neil McGuigan Nov 14 '15 at 02:39
  • @NeilMcGuigan:This is client app. Someone may phisyically get close to PC and get access to it, there is no password - because software must work if computer restarts –  Nov 14 '15 at 09:30

3 Answers3

5

You want the key recoverable upon reboot and without a user present, so proposing to encrypt it with a user password and store it in RAM goes against your requirement for a recoverable key. So, encrypting it with user password is a non-starter. Let's reject that proposal.

Instead, we will need to store it in a recoverable form (i.e. in plaintext or encrypted with a key which then needs to be stored in a recoverable form). That is, we have a recursive problem - one without end. I realize you really, really like your idea and are asking a lot of different questions in order to solve the problems you have. I think that's fantastic.

However, the problems won't go away. I refer you to the answer in this exchange sub-titled "Conceptual Problem" in which is described the concept: We cannot protect a computer from itself.

This section makes it clear that if you wish to have a standalone machine recover its own key (or credential) without human intervention, you cannot prevent its theft from allowing it to be used elsewhere.

Andrew Philips
  • 1,431
  • 8
  • 11
1

None. Storing the key in a way you can access it after a reboot is the same as storing the user password. And that is a very bad idea.

marstato
  • 2,285
  • 14
  • 11
  • It's not the same as storing a user password if the store key is unique to the user/server pair, which it probably is. I'm not sure OP method is secure, but when a program on a machine needs to run without user intervention, the credentials must be stored in a recoverable format, right? – Andrew Philips Nov 14 '15 at 16:24
  • Correct. If the machine can access the key without the user entering the password (e.g. storing the password or the key), an attacker can, too. – marstato Nov 14 '15 at 18:25
  • Right, but we have to compromise on something. Either the machine has a recoverable credential it uses for network authentication or we have no network authentication. No net auth is worse than recoverable credentials. Therefore, OP should store the credential safely and recoverably. You've advised against that. I believe that advice is unwarranted given the circumstance. – Andrew Philips Nov 14 '15 at 18:40
  • @AndrewPhilips: I hope I have made the question clear, please let me know if my context is unclear. –  Nov 14 '15 at 20:31
  • @AndrewPhilips the OP did not say anything about network auth in the use-case. But, as you detailed out in your answer, that still does not remove the recursive issue: removing the human interaction means removing the security that comes with it. – marstato Nov 15 '15 at 03:44
  • @marstato, fair enough. OP is enamored with a protocol he has devised that is ill advised. Check out questions, you'll see the pattern. You're right, in this context. Cheers. – Andrew Philips Nov 15 '15 at 05:06
  • @AndrewPhilips:I didn't design any protocol really, where did you see that? I am just looking for secure key storage approach yet. Where did you see my protocol? –  Nov 15 '15 at 10:18
0

As others have noted, storing a key securely cannot be accomplished by software alone. You need a hardware security device in play to provide persistent secure storage of data at rest.

If your target device has a TPM, this is what it's for. There are APIs you can use to wrap secrets using the TPM's platform configuration registers.

(Storage in RAM is a problem you may not be able to solve. You have to have the key in RAM to actually do anything with it, so it's got to be dumpable at some point. Best practice will depend on what the key is actually used for.)

Reid Rankin
  • 1,082
  • 5
  • 10
  • I agree. I want to add: when using a TPM, the key can be removed from RAM immediatley after an operation completes it was required for. This requires dainty memory management, but it reduces the risk in case of a memory-dump or coldboot attack to the minimum. – marstato Nov 15 '15 at 13:42