Cold Storage with One-Way RSA Encryption #43

Merged
noah merged 2 commits from coldstorage into main 2024-05-31 00:01:32 +00:00
Owner

Adds a cold storage feature for one-way encryption on disk of sensitive files.

The first use case: if a user is challenged to upload a secondary photo ID for certification, then once approved, the image they uploaded is written to cold storage with one-way encryption where the keys to decode it are not stored on the web server (to reduce risk in case of a hack or data breach).

To Do:

  • Testing, including automated unit tests!
  • Documentation

Some notes:

Initialization

The cold storage keys are initialized automatically when the web server reboots after this update has been installed.

  • In settings.json the Encryption / ColdStorageRSAPublicKey setting will hold the RSA Public Key for cold storage.
  • When the value is not present, new RSA keys are generated.

The directory ./coldstorage/keys is created and private.pem and public.pem are written, which will be the RSA keys. The public key is also written to settings.json. Note: the site only uses the key from settings.json, so the coldstorage/keys/ folder can be removed from the server.

Importantly, the private.pem file SHOULD be removed from the server for safety.

The admin dashboard page will show a warning if the private.pem file is still at its original location.

Encryption

When a file is moved into cold storage:

  1. A fresh new AES symmetric encryption key is generated from scratch.
  2. The AES key is encrypted with the RSA public key and written to a ".aes" file in the coldstorage/ folder.
  3. The original file moving to cold storage is encrypted with the AES key and written to a ".enc" file in the coldstorage/ folder.

Because the production web server only has the RSA public key, the generated AES key is not able to be decrypted by the web server. The .aes + .enc output files are the pair needed to recover the original file from cold storage.

Decryption

Decrypting a file from cold storage is an action done manually using the private RSA key file which is kept offline from the web server.

The nonshy Go program has a coldstorage sub-command that enables decoding it. Usage is like:

nonshy coldstorage decrypt \
    --key private.pem \
    --aes encrypted-file.aes \
    --input encrypted-file.enc \
    --output decrypted.jpg

The requirements for this command are:

  1. The RSA private key file.
  2. The (encrypted) AES key file from cold storage (.aes)
  3. The (encrypted) cold storage item itself (.enc)

The decrypt algorithm then is basically:

  1. Decrypt the AES key file using the RSA private key
  2. Decrypt the cold storage item with the AES key
  3. Write the plaintext item to the output file
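The hybrid scheme the description lays out (fresh AES key, wrapped with the RSA public key into the .aes artifact; the item sealed with that AES key into the .enc artifact; offline unwrap and decrypt with the private key), as an added Go example that is not code from the nonshy project. It assumes RSA-OAEP with SHA-256 for key wrapping and AES-256-GCM with the nonce prepended to the .enc bytes; the PR does not state which RSA padding or AES mode the project actually uses, so these are illustrative choices.

```go
package main
import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
)

func newGCM(key []byte) (cipher.AEAD, error) { // AES-256-GCM AEAD from a raw 32-byte key
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Encrypt is the web-server side: returns the ".aes" bytes (AES key wrapped with RSA-OAEP under pub) and the ".enc" bytes (nonce || AES-GCM output).
func Encrypt(pub *rsa.PublicKey, plaintext []byte) (aesFile, encFile []byte, err error) {
	buf := make([]byte, 32+12) // AES-256 key || 96-bit GCM nonce, both from the CSPRNG
	if _, err = rand.Read(buf); err != nil {
		return nil, nil, err
	}
	key, nonce := buf[:32], buf[32:]
	if aesFile, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, key, nil); err != nil {
		return nil, nil, err
	}
	gcm, err := newGCM(key)
	if err != nil {
		return nil, nil, err
	}
	return aesFile, gcm.Seal(nonce, nonce, plaintext, nil), nil // nonce is prepended to the output
}

// Decrypt is the offline side: unwrap the AES key with priv, then open the item (GCM rejects tampering).
func Decrypt(priv *rsa.PrivateKey, aesFile, encFile []byte) ([]byte, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), nil, priv, aesFile, nil)
	if err != nil {
		return nil, err
	}
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	ns := gcm.NonceSize()
	if len(encFile) < ns {
		return nil, errors.New("cold storage item too short")
	}
	return gcm.Open(nil, encFile[:ns], encFile[ns:], nil)
}
```

Only the public key is passed to Encrypt, so a server that holds just settings.json can write items it cannot read back, which is the property the PR relies on.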
noah added 1 commit 2024-05-30 06:30:32 +00:00
noah added 1 commit 2024-05-30 23:59:40 +00:00
noah merged commit 4709e095f8 into main 2024-05-31 00:01:32 +00:00
noah deleted branch coldstorage 2024-05-31 00:01:32 +00:00
Reference: nonshy/website#43