1

I have a Java application (an ESB - Enterprise Service Bus) which deals with customer sensitive data and have a requirement of supporting Data encryption at rest in order to prevent data abuse.

The application stores customer data for processing on the file system and application interacts with it through java.io.File API. So basically, I need to encrypt the file before it is persisted on the file system by the application and then decrypt it before application reads it so that it can be parsed and processed.

Are there any good frameworks or libraries that can help me implement Data encryption at rest? I am planning to use PGP encryption/decryption for implementing Data encryption at rest.

I am looking for best and recommended approach for implementing Data encryption at rest within my Java application and any help shall be appreciated.

Aman
  • 1,018
  • 14
  • 25
  • Any reason why you are using files and not a database? Files can be a multi threading nightmare. – BCartolo Mar 27 '17 at 18:39
  • 1
    Note that "REST" is not really related to "at rest". – jonrsharpe Mar 27 '17 at 18:42
  • @BCartolo It is a legacy application which stores data for processing in the file system. Moreover, the data that is persisted in the file system is processed by a single worker thread - so we don't have any multithreading issues. – Aman Mar 27 '17 at 18:57
  • @jonrsharpe Can you please clarify more on your comment? The customer doesn't want its data to be present on the file system in plain text. So to prevent its abuse, the customer wants us to data encryption before persisting it to the file system. We already use SSL for the data in transit. – Aman Mar 27 '17 at 18:59
  • "REST" -> [Representational State Transfer](https://en.wikipedia.org/wiki/Representational_state_transfer), an API design pattern. "at rest" -> while not moving (while not in transit over a REST API, for example). – jonrsharpe Mar 27 '17 at 19:01
  • @jonrsharpe Sorry, my bad. I meant data encryption at rest and not REST aka. Representational state transfer. I have updated my question to correct it. Thanks! – Aman Mar 27 '17 at 19:05
  • Possible duplicate of [PGP Encryption and Decryption with Java](http://stackoverflow.com/questions/9596298/pgp-encryption-and-decryption-with-java) – BCartolo Mar 27 '17 at 19:09

1 Answers1

1

Why on Earth would you think pgp is the right tool for this? Seems to me that you only need a symmetric key solution, so pgp feels like the wrong answer.

Cryptography in Java is a minefield. Easy to do things wrong, hard to do things right.

Having said that, you have a better chance to not screwing up if you use BouncyCastle rather than something else. They have example code that shows you how to do various operations.

For encrypting data at rest, I recommend you use AES in either CBC mode or CTR mode. If using CBC mode, make sure you choose your IV in a cryptographic secure way (unpredictable). Also, never re-use an IV for any mode of operation.

You should also consider whether you need message integrity. General guidance about symmetric encryption here.

Even though people often get crypto wrong, the bigger problem is key management. That's a whole new can of worms (and don't be fooled into thinking pgp provides a solution to this: all it does is shifts the problem to somewhere else).

Community
  • 1
  • 1
TheGreatContini
  • 5,791
  • 1
  • 18
  • 25
  • Thanks for your answer. I am new in this area, so any guidance is appreciated. Can you tell me why AES is recommended in my case (for data encryption at rest for files that are stored in file system)? Is it the performance (because it used symmetric key?) Is it recommended encryption approach for large files (around 500MB)? Is there any performance metrics available for different encryption techniques? – Aman Apr 02 '17 at 03:28
  • AES is fit for this purpose. There is no reason to bring in public key cryptography without a vision on why you think you need it. You don't need that, and you really don't want that. AES has great performance, should work really well for encrypting files that size. – TheGreatContini Apr 02 '17 at 03:59
  • Thanks! So, PGP shall be used only when there is a need for public key i.e. a file need to be encrypted by external partner using public key? I understand that in my case there is no requirement for it. Moreover, I have heard that asymmetric key encryption (PGP) is more stronger as compared to symmetric key (AES). Is it true or misconception? Please advise. – Aman Apr 02 '17 at 05:12
  • That is 100% nonsense. Whoever is feeding you that rubbish, please invite them here to discuss with me. And if they can't come here to defend their position, tell them to have a read of the paper Selecting Cryptographic Key Sizes. Bottom line: keep it simple, don't do anything more than you need to do. – TheGreatContini Apr 02 '17 at 11:08
  • Thanks for your answer! It is helpful. One question though - what is the advantage of keeping IV unpredictable vs static one? Also, in former case - do we store IV in the encrypted text at the beginning? – Aman Apr 04 '17 at 05:47
  • To clarify, my question is for CBC mode. – Aman Apr 04 '17 at 05:55
  • 1
    The advantage is security. There are all sorts of attacks on CBC mode when IVs are predictable. For examples, Many of the attacks on SSL (such as POODLE) take advantage of predictable IVs. – TheGreatContini Apr 04 '17 at 11:20
  • Ok, thanks. So, is it fine to store the unpredictable IV as prefix to the encrypted text so that it can be used for decryption? – Aman Apr 04 '17 at 13:47
  • 1
    Correct. IV does not need to be secret, it can live at the beginning of the cipher text. – TheGreatContini Apr 04 '17 at 19:43
  • Is there a way to identify or inspect an AES encrypted file based on the file content? Full question here: http://stackoverflow.com/questions/43333329/identifying-an-aes-encrypted-file – Aman Apr 10 '17 at 21:43
  • @Aman I think DNA gave a satisfactory answer to that question. – TheGreatContini Apr 10 '17 at 22:16