So i have an encryption key which i will use to encrypt data or sign data with it. But in order make it possible to ensure the data integrity, i have to keep the key secret. So i thought of spliting the key into many pieces and place them in different locations, but could only think of few.
1.Store it in the same server of the application
i will be storing the key in applications configuration file, which will be stored outside of the application public file and will be imported into the application.
2.Store it in the database
having a piece of the key inside the database and will be fetched by the application when needed.
3.Store on a different file server.
application server will do a call to a another server to fetch a piece of the key. The communication between these servers will be RSA encrypted.
4.Store it in RAM
seems like a good idea, but requires to alot of maintenance, need to be added to RAM manually at each startup.
5. use AWS KMS ?
this something i just discovered recently, looking into it but looks promising how they handle the keys and their ways to ensure integrity, would love to hear some thoughts from people who have used AWS
But all this is weak, if the application server is compromissed then the key can be collected, and i have been searching the web for more ideas, but to honest they all seem to be weak and desperat measures.
