Reputation: 3586
Hi, I am using the OpenSSL EVP API to encrypt/decrypt a file using AES-256-CBC.
The file is encrypted with key 'k' and IV 'v' (which were generated using the EVP_BytesToKey()
function, where I supply random bytes of data as the salt, which I get from RAND_bytes(),
and a password supplied by the user), and then, using these two, I initialize the encrypt context and decrypt context.
The function for initialization is:
```c
#include <stdio.h>
#include <openssl/evp.h>
#include <openssl/rand.h>

int aes_init(unsigned char *pwd, unsigned int pwd_len, EVP_CIPHER_CTX *e_ctx, EVP_CIPHER_CTX *d_ctx) /* return 0:SUCCESS 1: ERROR */
{
    int i, rounds = 5; /* key-derivation rounds passed to EVP_BytesToKey */
    unsigned char key[32], iv[32], salt[8];
    if (!RAND_bytes(salt, 8)) /* writes cryptographically secure random bytes into salt[] */
    {
        perror("\n ERROR,SALT::");
        return 1;
    }
    /* derives a 32-byte key and a 16-byte IV from the password and salt; returns the key length */
    i = EVP_BytesToKey(EVP_aes_256_cbc(), EVP_sha1(), salt, pwd, pwd_len, rounds, key, iv);
    if (i != 32)
        return 1;
    /* note: salt[] is never written anywhere, so the key and IV cannot be re-derived after exit */
    if (!EVP_EncryptInit_ex(e_ctx, EVP_aes_256_cbc(), NULL, key, iv) ||
        !EVP_DecryptInit_ex(d_ctx, EVP_aes_256_cbc(), NULL, key, iv))
        return 1;
    return 0;
}
```
What I intend to implement is this scenario:
The user encrypts file A with key k and IV v, and the program exits normally. Then, if the user now wants to decrypt the encrypted file A, he/she will need the same cipher context, i.e. the same key k and the same IV.
So my problem is: how can I securely save the key and IV (the same ones used for encryption) so that I can use them to decrypt the file at a later time?
NOTE: I have seen that some commercial encryption products create a sort of keystore for this; any idea how it is done?
Are there any guidelines that are followed for this?
Any suggestion would be highly appreciated.
Many thanks
Upvotes: 4
Views: 8180
Reputation: 21
None of these "solutions" are really secure. If you want to store a symmetric key securely on a system you must store it in a Hardware Security Module (HSM). One relatively inexpensive option is the Apricorn Aegis encrypted flash drive, which is FIPS 140-2 Level 3 validated.
See http://www.apricorn.com/products/hardware-encrypted-drives/aegis-secure-key.html for details.
Upvotes: 2
Reputation: 93998
An alternative to storing the key would be to ask the user for a password. First you encrypt the file using a fully random (session) key. That key gets encrypted with a key derived from a password, e.g. using a function like PBKDF2 (see the many stackoverflow articles on this). Store the encrypted key with the file (possibly in front of the file, which makes for easier decryption; you can encrypt and write the key before encrypting the file as well).
Upvotes: 1
Reputation: 1003
If I understand your question correctly, you can't.
Sooner or later someone has to unlock the keystore. That requires a key. You can't store the keystore unlocking key because it needs to be retrieved in the clear so the keystore can be unlocked. Okay, you could store the keystore unlocking key somewhere, but now you've got the same problem all over again.
The "standard" solution requires that you rely on operating system security to make the keystore unlocking key inaccessible to any user other than the keystore owner or a super-user (assuming a UNIX-like system).
Upvotes: 3