Key Security - How to ensure that keys are secure?

0 投票
最新提问 用户: (160 分)

Assuming that there is a Key Encryption Key that is in memory and not written to file or database...

byte[] kek = new byte[32];
secureRandom.nextBytes(kek);
byte[] kekHash = SHA512.hash(kek);

And assuming that the Key Encryption Keys are ephemeral, and the Data Encryption Keys may or may not be ephemeral.

How do you protect kek?

How do you ensure that kek is never written to virtual memory?

How do you ensure that the kek is not read by another application (for example CheatEngine)?

How do you ensure that the kek is generated by the application and the kek and kekHash are not manipulated by another application to make it use the key of an adversary?

I have heard of "software HSM". What techniques do they use that is so mindblowing that makes the keys that they store secure?

登录 或者 注册 后回答这个问题。

欢迎来到 Security Q&A ,有什么不懂的可以尽管在这里提问,你将会收到社区其他成员的回答。
...