penafieljlm/database_security_notes.md

Created July 18, 2017 15:13

Star () You must be signed in to star a gist
Fork () You must be signed in to fork a gist

Learn more about clone URLs
Clone this repository at <script src="https://gist.github.com/penafieljlm/77ca9616f81349f23c44cc869a0ed7b7.js"></script>
Save penafieljlm/77ca9616f81349f23c44cc869a0ed7b7 to your computer and use it in GitHub Desktop.

Raw

    Each user gets symmetric key, private key, and public key
Symmetric key = encrypts the data that only the user needs to see
Private key = decrypts the data shared to the user
Public key = encrypts the data shared to the user
Symmetric key is encrypted by user PBKDF2 of user's password
Private key is encrypted by user's symmetric key
Generate recovery codes for user and encrypt copies of symmetric key using these recovery codes
Encrypt user symmetric key using organization's public key for key backup mechanism
Stroe organization's private key in a password manager or something


  

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment