I have an offline kiosk computer that will be running a LAMP web server and hosting a form for people to walk up and fill out. The data they submit will be encrypted and stored in a MySQL database (all stored locally on that machine).
The concern is that if the entire box was stolen, someone would potentially be able to get into the code, see the encryption keys and decrypt the data.
Is there any way to accomplish this set up in a way renders the encrypted data useless even if the entire machine is stolen? (i.e. an encryption password that is kept elsewhere, but still allows the newly entered form data to be encrypted and stored while the kiosk is in use)?
How smart are your “attackers”?
You could but the key in ram, that way it would (kind of) disappear when the machine looses power. To do this you can mount some ram as a partition (ramdisk) and let the code load the key from there.
But, keeping the key from ever touching the disk can be difficult. The OS can, for example, swap it out.
Smart attackers could circumvent this by either:
- Copying the key before they steal the box
- Dig around the disk in order to find the key.. or maybe parts of it and brute force the rest. As I said, keeping the key from ever touching the disk can be difficult ..
You could also do some light anti reverse-engineering and piece the code together in the code. That way, it would not be trivial (but not that hard either) to read it out.
You can use the Asymmetric encryption algorithms (Ex. RSA) to achieve this. With that you will be having a pair of keys, a private and a public. And as the name suggest , the public key will be available to everyone, so the user data can be encrypted with this public key, and the encrypted data is only decrypted using the corresponding private key, which in tour case machine owner will keep. Thus Even in case someone steal your machine, it will be very difficult for person to decrypt the data.