0

An application uses RSA to encrypt small texts before persisting them in a database, using the public key of the end node of the application. Only these end nodes must be able to decrypt the ciphers, and only they have the corresponding private key. The size of the plain texts to be encrypted is way smaller than the RSA keys. Keys are stored and distributed in X509 certificates.

Question: When an end node's certificate is to be renewed, do the persisted ciphers need to be re-encrypted? Unless the updated certificate uses the exact same private key in the renewed certificate? Can I control this process using public CAs, or is this only controllable using self-signed certs?

2 Answers

1

You must use a process called Envelope Encryption.

You need two keys:

1. DEK - Data Encryption Key:

This is the symmetrical key you will use for all data encryption/decryption. It must be generated using a CSRNG, and you never store it in plain. You encrypt it with the KEK, and store only the encrypted version.

2. KEK - Key Encryption Key:

This key is a keypair, and depends on the certificate. You use the public key to encrypt the DEK, and store the encrypted version of it. Every time the certificate is to be renewed, you generate the new certificate, decrypt the DEK with the old private key, encrypt it with the new public key, and store it.

ThoriumBR
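The renewal procedure described in the answer above, as an added example that is not part of the original answers: records are sealed once under the DEK, and a certificate renewal only re-wraps the DEK. The method names and the record layout are assumptions; the RSA wrapping uses OpenSSL's default OAEP parameters.

```ruby
require "openssl"

# Added example: method names and the record layout (nonce | tag | ciphertext)
# are hypothetical, not taken from the page.
OAEP = OpenSSL::PKey::RSA::PKCS1_OAEP_PADDING

# DEK: a random 256-bit symmetric key; it is never stored unwrapped.
def new_dek
  OpenSSL::Random.random_bytes(32)
end

# Encrypt one stored value under the DEK with AES-256-GCM.
def seal_record(dek, plaintext)
  cipher = OpenSSL::Cipher.new("aes-256-gcm").encrypt
  cipher.key = dek
  nonce = cipher.random_iv # 12 bytes, fresh for every record
  cipher.auth_data = ""
  ciphertext = cipher.update(plaintext) + cipher.final
  nonce + cipher.auth_tag + ciphertext
end

# Decrypt a stored value; raises OpenSSL::Cipher::CipherError if it was altered.
def open_record(dek, record)
  raise ArgumentError, "truncated record" if record.bytesize <= 28
  cipher = OpenSSL::Cipher.new("aes-256-gcm").decrypt
  cipher.key = dek
  cipher.iv = record.byteslice(0, 12)
  cipher.auth_tag = record.byteslice(12, 16)
  cipher.auth_data = ""
  cipher.update(record.byteslice(28, record.bytesize)) + cipher.final
end

# KEK: the certificate's RSA key pair. Only the wrapped DEK is persisted.
def wrap_dek(public_key, dek)
  public_key.public_encrypt(dek, OAEP)
end

def unwrap_dek(private_key, wrapped_dek)
  private_key.private_decrypt(wrapped_dek, OAEP)
end

# Renewal: unwrap with the old private key, wrap to the new public key.
# Stored records are neither read nor rewritten.
def rewrap_dek(old_private_key, new_public_key, wrapped_dek)
  wrap_dek(new_public_key, unwrap_dek(old_private_key, wrapped_dek))
end
```

The re-wrap has to run while the old private key is still available; once it has run, the blob wrapped to the old key can be deleted.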
0

The end node should retain the private keys associated with the public keys in any expired certificates - for the very reason that you describe in your question. This way, the end node can decrypt any messages that were previously encrypted using a public key in a certificate that has now expired.

See "Does a renewed certificate open old messages?" for a similar question.

mti2935