Protocol-Design

你將如何設計一個 API 伺服器來儲存使用者 sercrets?

  • October 21, 2022

這不是用於生產應用程序,而只是我的探索,以幫助我理解密碼學。

在最簡單的層面上,我想為使用者機密設計一個鍵值對儲存。

這通過 HTTPS API 公開,支持通常的 create-read-update-delete 操作:發送帶有 sercret 主體的 post 請求,伺服器加密並儲存該密鑰,然後返回該密鑰的 id;向 id 發送 get 並取回解密後的秘密;等等

This service receives requests from other microserivces in the network on behalf of the user.

How should the service protect a user’s secrets, and protect against unauthorized access to this API?

I know that in some way the service needs to authenticate and authorize the request from both the upstream service and the user.

What’s a good way to pair these? One idea I have is something like…

  1. Generate a key
  2. Encrypt the secret using the key
  3. Store the encrypted secret
  4. Encrypt the key using…? something from the server + user - a shared secret maybe?
  5. Store the encrypted key
  6. Return to the user an id (token)

And to retrieve the secret:

  1. user/other service requests id from server
  2. server + user shared secret decrypts key
  3. key decrypts secret
  4. send secret to user

Your application is the simplest form of an encrypted pastebin for example, for something like this you can take a look here. Also, there isn’t a golden rule on how to design such an application. It really depends on the specifications you set. For example, the ideal from a security perspective is to encrypt the secrets client side and the server then just becomes a simple database. It can indeed be replaced by a db service and not an http api but you can build an http api on top of the db service as well. On the other hand, you may want to make your api accessible to low/end low powered devices, then you have to choose an appropriate cipher for this if you want to support client side encryption. If for some reason you want to restrict yourself to server side encryption there are a lot of methods that you can use but things get a bit more complicated here (let me know if you want to update my answer). Also you may be interested to add password authentication in order for example only registered or invited users to be able to store secrets, for this you can use an SRP 協議。同樣,這些只是幫助您入門的一些想法和資源。

引用自:https://crypto.stackexchange.com/questions/102333