Cryptography in the Database: The Last Line of Defense

Author: Kevin Kenan

Comments

by anonymous   2019-01-13

Question 1: Encrypt server side or client side?

The only advantage of client-side encryption would be performance: remove the burden of doing this work from your server and pass it off to the end-user machine.

However, there is a very big disadvantage: security. If you are encrypting everybody's data with the same key, then now everybody has access to that key, because it needs to be delivered to the client for decryption. You have entirely defeated the purpose of the security, because the cryptographic key now lives everywhere.

What about encrypting every user's data with different keys? That's a can-of-worms question, because you need to then consider where you are storing all the cryptographic keys. If it is in the same database as the data, you have again defeated the purpose of encryption -- putting the keys and data together is a no-no. You can come up with arbitrary solutions around this, but I assure you there are many considerations and you are inviting a lot of complexity.

Question 2: Is your approach reasonable?

Yes, it is, but you need to understand what you are protecting against. Encryption at rest mainly protects a database (including backups) provided that the encryption key never gets put in the same place as the database. Managing the encryption key is something that needs to be carefully considered. There is good guidance on that if you care to research it, but it really is the task of a security architect to design this right.
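
The key/data separation discussed in the comment above can be sketched with envelope encryption. This is an added example, not part of the comment or the book: each user gets a data key (DEK) that is stored only in wrapped form, and the wrapping key (KEK) stays outside the database. It assumes the third-party `cryptography` package; the table, the function names and the in-process KEK (standing in for a key held in a KMS or HSM) are hypothetical.

```python
import os
import sqlite3
from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

SAMPLE = b"constructed sample record for alice"

def seal(key, plaintext, aad):
    """AES-256-GCM encrypt; the random 96-bit nonce is prepended."""
    nonce = os.urandom(12)
    return nonce + AESGCM(key).encrypt(nonce, plaintext, aad)

def unseal(key, blob, aad):
    """Split off the nonce and decrypt; raises InvalidTag on a wrong key or AAD."""
    return AESGCM(key).decrypt(blob[:12], blob[12:], aad)

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE records "
               "(user_id TEXT PRIMARY KEY, wrapped_dek BLOB, ciphertext BLOB)")
    return db

def store(db, kek, user_id, plaintext):
    dek = AESGCM.generate_key(bit_length=256)  # fresh data key for this user
    aad = user_id.encode()                     # binds both blobs to the row's owner
    # Only the KEK-wrapped DEK is stored; the raw DEK and the KEK never reach the database.
    db.execute("INSERT INTO records VALUES (?, ?, ?)",
               (user_id, seal(kek, dek, aad), seal(dek, plaintext, aad)))

def load(db, kek, user_id):
    row = db.execute("SELECT wrapped_dek, ciphertext FROM records WHERE user_id = ?",
                     (user_id,)).fetchone()
    aad = user_id.encode()
    return unseal(unseal(kek, row[0], aad), row[1], aad)

def readable_with(db, kek, user_id):
    """True if this KEK can recover the user's record from the database contents."""
    try:
        load(db, kek, user_id)
        return True
    except InvalidTag:
        return False

def demo():
    kek = AESGCM.generate_key(bit_length=256)  # constructed; stands in for a KMS/HSM-held key
    db = make_db()
    store(db, kek, "alice", SAMPLE)
    return db, kek
```

A copy of the database or its backup on its own yields only wrapped keys and ciphertext; whoever can obtain the KEK can still read everything, which is why the KEK's storage and access control remain the design problem.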