encryption – Does PGP passphrase necessary if I store private key and passphrase in the same place?

I’m building a system that generates PGP key and store private key in secret vault. One thing I’m not fully understanding is the need for passphrase.

I can generate a random passphrase during the key generation and then store it in the secret vault along side with the private key, but I’m wondering if it has any benefit. If I store both passphrase and private key in the same place and that place can be considered secure, is there any additional benefit of using the passphrase? Or just storing the private key securely is enough?

disk encryption – ZFS on LUKS2 encrypted device: LuksFormat with or without dm-integrity?

Does it make sense to combine ZFS with LUKS2 for completely random-looking encryption on HDDs ? (Without luks-header on the disk of course, header placed elsewhere). The goal is to make a HDD really look like random data, since as I’ve learned ZFS built-in encryption is still telling us that it’s actually a ZFS encrypted volume you’re looking at, instead of being really just random data.

If yes, what would you use ?

  • a) Rather a simple integrity-free LUKS2 format since ZFS is taking care of integrity in upper layer already, or
  • b) LUKS with integrity ? (It might cause double write lag, once because of integrity checksum creation on the lower layers and then again in ZFS layer, but not sure. And probably bring in a little more complication in case of a physical failure or bit rot).

What happens at all when a bit flip is happening on an integrity-free conventional LUKS device ? Will that logical LUKS sector appear as 1 bad sector on the mapper device ? (Which would then be sensed by ZFS in a mirror setup and corrected/replaced elsewhere on the mapper device, I assume).

Setup would be a zfs raidz1,raidz2, raidz3, or mirror with 2+ drives so not only error detection but correction is granted too. Debian 10, ZoL.

I might install a smaller decoy OS (W10, Ubuntu..) onto the first ~50GB and run it occassionally .. (placing the encrypted part just behind it onto remaining empty space).

This method would allow a HDD to look like a harmless newbie setup, I’m not sure I want to complicate my life with Veracrypt & Co. and I’d like to stick to ZFS because I simply love it. It’s only the lack of unrecognizably-random-looking encryption in ZFS which makes me thinking about pushing a LUKS2 layer beneath it. (I believe more in distraction than in unbreakable encryption btw).

encryption – Solution to User Initial HTTP Requests Unencrypted Despite HTTPS Redirection?

It is my understanding that requests from a client browser to a webserver will initially follow the specified protocol e.g, HTTPS, and default to HTTP if not specified (Firefox Tested). On the server side it is desired to enforce a strict type HTTPS for all connections for the privacy of request headers and as a result HTTPS redirections are used. The problem is that any initial request where the client does not explicitly request HTTPS will be sent unencrypted. For example, client instructs browser with the below URL command.

google.com/search?q=unencrypted-get

google.com will redirect the client browser to use HTTPS but the initial HTTP request and GET parameters were already sent unencrypted possibly compromising the privacy of the client. Obviously there is nothing full-proof that can be done by the server to mitigate this vulnerability but:

  1. Could this misuse compromise the subsequent TLS security possibly through a known-plaintext
    attack (KPA)?
  2. Are there any less obvious measures that can be done to mitigate this possibly through some
    DNS protocol solution?
  3. Would it be sensible for a future client standard to always initially attempt with HTTPS as the default?

cryptography – Is there any encryption mechanism where i can ensure that the decryption can only happen within my data center?

All decryption is only possible if you have the key (or sufficient computing power and time). If you want to be sure that the key never leaves the infrastructure, buy a High Security Module (HSM) (Thales, Utimaco and some others). These are hardware devices that allow you to do the decryption. There are many types, some (many?) including tilt and motion sensors.

But at some point, you might want to rethink your strategy. HSMs are really a niche market, and in my 25+ years experience, I’ve seen just 1 case where they were really necessary.

If you pass data over the Internet, surely the goal of that data sharing would be that the other party can use that data? Then, if the data at the other party is “exposed somehow”, all is lost anyway.

Or do you just not want that the data leaves the data centre? In that case: try using a stand-alone system.

If you’re communicating with a single (or limited number) of partners, symmetric keys would also be an option. Key management would be doable.

IOS PER-FILE KEY ENCRYPTION – Information Security Stack Exchange

I know that apple provides per-file key encryption .i.e. a separate encryption key for each file exists on the apple device. The Hardware Key and the Passcode are required to generate these random keys.

But once the device is unlocked then all the files can be accessed irrespective of the file protection class which signifies that if I want to read the files from a locked device then I should be breaking the passcode rather than finding the individual keys for all files.

I want to understand what is the actual reason for creating separate encryption key for each file? As there are 4 file protection classes available in ios, is it not feasible to use a single key for all the files belonging to same protection level? With this methodology only 4 encryption keys are required.

key management – Drawback of Multi Level Encryption

I am backing up my files to a RAID mirrored HDD, that has full disk encryption (FDE) in place with LUKS. Until now I did this with rsync, but I recently switched to a new backup program that does file level encryption as well.

So my question is: Is there any drawback of having multi levels of encryption, or is it actually an advantage? A drawback I can maybe think of would be managing two keys and forgetting one of them would potentially make my backup completely useless.

mysql – Can InnoDB data at rest encryption be overriden

I am exploring options for distributing a MySQL/MariaDB database with my app. I want to ensure users (even the root user) cannot view or manipulate data in my database/tables. Recent releases of MySQL and MariaDB have data-at-rest capabilities:

MariaDB
https://mariadb.com/kb/en/mariadb/why-encrypt-mariadb-data/

MySQL 5.7.11 comes with InnoDB tablespace encryption
https://dev.mysql.com/doc/refman/5.7/en/innodb-tablespace-encryption.html

But what is not clear to me is: Can the MySQL root user reset the encryption password on my database/tables to view or manipulate the contents?

How can I convert 128-bit AES encryption key to a string using Python?

I am trying to decode my 128-bit AES key in byte format to string to store it in the database. I have tried using Python built-in decode() with ascii and utf-8 codecs but I get the following errors:

UnicodeDecodeError: ‘ascii’ codec can’t decode byte 0xd9 in position 1: ordinal not in range(128)

UnicodeDecodeError: ‘utf-8’ codec can’t decode byte 0x94 in position 2: invalid start byte

I am using cryptography.io library for its implementation.

encryption – Preventing HTTPS Replay Attacks

A replay attack at the TLS level (and thus HTTPS) as you imagine would mean that some attacker could simply replay a captured TLS session or inject a previously captured packet into an existing TLS session.

None of this is possible: Replaying a full session cannot be done since the master_secret as the base for encryption includes both client and server random data, i.e. the master_secret does not depend on the client alone. Injecting a previously sniffed record is not possible since each record has a sequence number and simply replaying a record will be detected due to an old sequence number. Changing the sequence number will not work either since it is protected against manipulation like the rest of the record.

But if an attacker has access to the plain (unencrypted) request he can simply replay this request within some new TLS session. This would be HTTP level replay though and not TLS or HTTPS level replay.

My client relies on the hardware information from the system to validate one-user-per-subscription …

Based on this your client relies on the client not cheating in the first place – which is contrary to the attack vector you describe. But a client could do cheating: for example the client could run in some emulated environment which can be cloned and exhibit the same behavior in another system.

The client could also partially reverse engineer or hook your app to capture and modify the plain request before it gets send. This way it can capture the plain (unencrypted) request on one system and make sure that the other system uses the same request.

encryption – Parameters for HSM based symmetric Key Derivation Function (KDF)

I have a quick question regarding parameters for HSM based symmetric Key Derivation.

My situation is that I have to implement HSM based symmetric key derivation for encryption of sensitive data to be stored inside DB. Each data entry should have distinct AES-256 key used only for that records encryption. There are two cases:

  1. Users ID has to be encrypted with unique Key per user, so that it would be possible to search by this User ID. My idea was to use ID itself (known at the time) as a parameter to KDF to get predictable encryption key, and use it to encrypt and perform search (KEYhsm + IDuser -> KEYaes). I do not see how this differs from hashing, but requirements states that encryption should be used. Should I hash this ID before using it as a parameter?
  2. Second case is as stated before, that each record should use distinct Key for encryption. For this my idea was to use record GUID (stored next to encrypted data) as a parameter to KDF to generate symmetric Key (KEYhsm + IDresource -> KEYaes). Again, should I hash it, is this approach secure enough?

It would be really helpful if somebody smarter that me would review my approach and maybe give some hints for algorithms to use (HASH, KDF). I do not know HSM model and maker at the time, but my assumption is that this HSM will be able to use secure private key to generate symmetric AES-256 encryption keys.