Secure Encryption of File on Disk

109 views Asked by At

I want to be able to store some data on disk after being downloaded from a server that will be fairly resistant to hacking!

What I was going to do was encrypt the data with a private key on the server and decrypt it with the public key in the client, but the data is going to be arbitrary length and will be larger then a RSA private key.

My thinking was doing it this way would mean that if a hacker managed to decompile the code and get the encryption key they would be able to decrypt it but they wouldn't actually be able to modify the data as they would still need to the private key to encrypt it again after modification for the client to load!

So i thought of a combination of asymmetric encryption with symmetric encryption to store the data. So a symmetric encryption key would be asymmetrically encoded by the server and stored along side the symmetrically encrypted data then the client would decrypt the symmetric encryption key with its public key then decrypt the data!

But then I realised a hacker would just need to decompile the code, get the public key, decrypt the symmetric decryption key, decrypt the data, modify it then re-encrypt with the symmetric decryption key and he has hacked the system.

My question is does anyone have a suggestion in how I could go about storing this data on the client without it being hackable without knowing the private key! The data needs to be decrypt-able offline without any connection to a server required! So this rules out getting the data/keys from the server all the time!

1

There are 1 answers

1
Aaron Digulla On

There is no secure way to store data on the client. When data is on the client, a dedicated mind has all the tools and all the time in the universe to crack the best encryption that you can come up with.

There are two solutions:

  1. Trust your client.
  2. Stream the data.

Comments: If your client is also your enemy, then there is no way you can make business with them. The movie industry learned this, the music industry learned this, the book industry is learning it and the games industry is following. These people spent billions in clever DRM technologies and they all failed.

You want the customer's money? Then treat them accordingly.

Streaming is about the only workaround that balances trust and security. Streaming means that at any time, only a small fraction of the data is on the client at any time and combining the fragments into a whole data set is complex.