My client wants to secure a set of data from all the users; even the programmer should not be able to access it at any cost. I have heard about public key/private key data encryption, in which anyone can access the public key but only the person who knows the private key can decrypt the encrypted data. So at data entry time, using the public key, we can encrypt the data and store it in the database, and at retrieval time we can ask for the private key, decrypt, and produce the data. Is this a good solution? Please advise me if any of you are familiar with it. Thank you.
The Security forum is meant for this kind of question.
The standard API for encryption in Java is called JCE (some links are here). But if you don't trust your developers, you'll have to go to some length to ensure that they're not inserting code that spies on the cleartext before it's encrypted or after it's decrypted.
Ulf makes a good point - if you don't trust your programmers, I suggest you get a set of programmers that you do trust. Now if you are just using "even the programmers" as a metaphor for "assume the most restrictive access controls", then the answer to your question is _yes_, you want to use PKI.
PKI works on the concept of two keys that share a relationship, but I can't derive the other one if I have one of the keys. One key is used to encrypt data, and only the other key may decrypt the data.
The issue is "how do I show the user what they've entered?" If only you have the private key, once the user submits the data - not even they can decrypt it. (If you share your "private" key with the user, it's not very private any more.)
A good way to do this is to actually sit down and evaluate the level of security your data needs. Rather than doing a blanket "encrypt it all and let God sort it out!" approach, take a more rational view of the data and try to encrypt only what actually needs to be encrypted.
Also, you need to carefully evaluate who should actually be able to see the data. If you only want a single individual to be able to see the data, then PKI will work. If you want more than one individual to see the data, it may require a more thought-out approach.
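As an added example, not code from any poster in this thread, here is how the JCE-based approach described above (encrypt at data-entry time with a public key, decrypt only with the matching private key) looks in practice, and how the "more than one individual" case is usually handled: the field is encrypted once with a fresh AES-GCM data key, and that data key is wrapped with each authorised recipient's RSA public key, so adding a reader means wrapping one more copy of the key rather than re-encrypting the data. The class name, the `Envelope` holder, the recipient labels and the sample card number are all assumptions made for the illustration; the cipher transformation strings and `Cipher.WRAP_MODE`/`UNWRAP_MODE` are standard JCE.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.HashMap;
import java.util.Map;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;

// Hypothetical demo class; the names below are assumptions for this example.
public class FieldEncryptionDemo {
    private static final String RSA_OAEP = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";
    private static final String AES_GCM = "AES/GCM/NoPadding";
    private static final int GCM_TAG_BITS = 128;
    private static final int GCM_IV_BYTES = 12;

    // What gets stored in the database for one encrypted field.
    static final class Envelope {
        final byte[] iv;
        final byte[] ciphertext;
        final Map<String, byte[]> wrappedKeys = new HashMap<>(); // recipient id -> RSA-wrapped AES key
        Envelope(byte[] iv, byte[] ciphertext) { this.iv = iv; this.ciphertext = ciphertext; }
    }

    // Data-entry side: only public keys are needed here, so this code can run anywhere.
    static Envelope encrypt(byte[] plaintext, Map<String, PublicKey> recipients)
            throws GeneralSecurityException {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey dataKey = kg.generateKey();            // fresh key per field/record

        byte[] iv = new byte[GCM_IV_BYTES];
        new SecureRandom().nextBytes(iv);                // GCM needs a unique IV per key
        Cipher aes = Cipher.getInstance(AES_GCM);
        aes.init(Cipher.ENCRYPT_MODE, dataKey, new GCMParameterSpec(GCM_TAG_BITS, iv));
        Envelope env = new Envelope(iv, aes.doFinal(plaintext));

        // One wrapped copy of the data key per authorised reader.
        for (Map.Entry<String, PublicKey> r : recipients.entrySet()) {
            Cipher rsa = Cipher.getInstance(RSA_OAEP);
            rsa.init(Cipher.WRAP_MODE, r.getValue());
            env.wrappedKeys.put(r.getKey(), rsa.wrap(dataKey));
        }
        return env;
    }

    // Retrieval side: needs the private key of one listed recipient.
    // Note the plaintext exists in this process's memory; code running here can see it,
    // which is exactly the limitation Ulf points out about untrusted developers.
    static byte[] decrypt(Envelope env, String recipientId, PrivateKey privateKey)
            throws GeneralSecurityException {
        byte[] wrapped = env.wrappedKeys.get(recipientId);
        if (wrapped == null) {
            throw new GeneralSecurityException("no wrapped key for recipient " + recipientId);
        }
        Cipher rsa = Cipher.getInstance(RSA_OAEP);
        rsa.init(Cipher.UNWRAP_MODE, privateKey);
        Key dataKey = rsa.unwrap(wrapped, "AES", Cipher.SECRET_KEY); // fails for the wrong private key

        Cipher aes = Cipher.getInstance(AES_GCM);
        aes.init(Cipher.DECRYPT_MODE, dataKey, new GCMParameterSpec(GCM_TAG_BITS, env.iv));
        return aes.doFinal(env.ciphertext);              // AEADBadTagException if the row was altered
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair owner = kpg.generateKeyPair();
        KeyPair auditor = kpg.generateKeyPair();
        KeyPair developer = kpg.generateKeyPair();       // holds a key, but is not a recipient

        Map<String, PublicKey> readers = new HashMap<>();
        readers.put("owner", owner.getPublic());
        readers.put("auditor", auditor.getPublic());

        // Constructed sample value; not real data.
        byte[] secret = "4111-1111-1111-1111".getBytes(StandardCharsets.UTF_8);
        Envelope stored = encrypt(secret, readers);

        System.out.println("owner reads:   "
                + new String(decrypt(stored, "owner", owner.getPrivate()), StandardCharsets.UTF_8));
        System.out.println("auditor reads: "
                + new String(decrypt(stored, "auditor", auditor.getPrivate()), StandardCharsets.UTF_8));
        try {
            decrypt(stored, "owner", developer.getPrivate());
            System.out.println("developer read the data (unexpected)");
        } catch (GeneralSecurityException e) {
            System.out.println("developer denied: " + e.getClass().getSimpleName());
        }
    }
}
```

Two practical points follow from the code. First, the data-entry path holds no private key, so it can live in the normal application; what has to be protected is the retrieval path and wherever the private keys are stored (a keystore or HSM rather than a config file). Second, the developer key in the demo is rejected because it was never a recipient, not because it is weak; anyone who can add an entry to the recipient map, or patch the `decrypt` method to log its return value, can still read the data, which is why the thread's advice about trusting the programmers stands.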