  1. How to fully encrypt data in Ruby using Private Key encryption?
    <p>First, some info on our system, which is basically an eTendering solution for the construction industry.</p> <p>So:</p> <ul> <li>Our system has multiple companies</li> <li>Each company has multiple users</li> <li>Each company can create multiple auctions</li> <li>Other companies can then submit their bids for the available auctions. A bid consists of hundreds or thousands of individual items, and we would just need to encrypt the 'price' section of these records.</li> </ul> <p>The problem that we're facing is that our large customers do not want us to ever have access to the bid prices, at least while the bidding is in progress, which is totally understandable. Right now, we are simply encrypting the prices via symmetric encryption, so even though the prices are effectively encrypted in the database, their concern is that we have the key to decrypt the prices.</p> <p>We're thus looking at some form of public key encryption system. Here are our initial thoughts on the solution:</p> <ol> <li>When a company signs up, we create a public/private keypair using OpenSSL for it and we save it in S3 or straight into the database.
For this to be really useful, we would require the user to use a strong password for the private key, which would of course not be saved in the database.</li> <li>When a company submits a bid for an auction, we encrypt the prices using the public key of the auction's owner company and we save them into the database.</li> <li>When the auction bidding period is over and the issuing company wants to generate the report the first time, we ask him to input his password and use that along with his company's private key to decrypt the prices.</li> <li>To make subsequent traffic faster, we cache the decrypted data (and maybe encrypt it using a simple symmetrical encryption system)</li> </ol> <p>So here are the questions (and we're unfortunately not security experts, so sorry if those are stupid questions):</p> <ul> <li>Does this make any sense or is it a totally ludicrous or overkill solution?</li> <li>Would we generate the keys using OpenSSL, OpenPGP or another solution?</li> <li>What happens if a user wants to change his password or generate a new key? Would there be no other way but to decrypt/re-encode everything with the new key?</li> <li>What would some of the pitfalls be with this solution?</li> <li>Are there any better solutions that you could recommend?</li> </ul>
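Steps 1 to 3 of the scheme described in the question, as an added Ruby example that is not part of the original post and not the asker's code. It assumes a hybrid layout (one AES-256-GCM key per bid, wrapped with RSA-OAEP) because a bid holds hundreds or thousands of prices; the function names, item ids and prices are hypothetical, constructed values.

```ruby
require "openssl"

OAEP = OpenSSL::PKey::RSA::PKCS1_OAEP_PADDING

# Step 1: per-company keypair; only the passphrase-encrypted private PEM is stored.
def generate_company_keys(passphrase)
  key = OpenSSL::PKey::RSA.new(2048)
  cipher = OpenSSL::Cipher.new("aes-256-cbc")
  # Prefer PKCS#8 output where the openssl gem offers it, else traditional PEM.
  pem = key.respond_to?(:private_to_pem) ? key.private_to_pem(cipher, passphrase) : key.to_pem(cipher, passphrase)
  { public_pem: key.public_key.to_pem, private_pem: pem }
end

# Step 2: encrypt every price under a fresh bid key, wrap that key for the auction owner.
def seal_bid(public_pem, prices)
  bid_key = OpenSSL::Random.random_bytes(32)
  items = prices.map do |item_id, price|
    c = OpenSSL::Cipher.new("aes-256-gcm").encrypt
    c.key = bid_key
    iv = c.random_iv                      # unique nonce per record
    c.auth_data = item_id.to_s            # binds the ciphertext to its item id
    ct = c.update(price.to_s) + c.final
    { item_id: item_id, iv: iv, ct: ct, tag: c.auth_tag }
  end
  wrapped = OpenSSL::PKey::RSA.new(public_pem).public_encrypt(bid_key, OAEP)
  { wrapped_key: wrapped, items: items }
end

# Step 3: the owner's passphrase unlocks the private key, which unwraps the bid key.
def open_bid(private_pem, passphrase, sealed)
  key = OpenSSL::PKey::RSA.new(private_pem, passphrase)   # raises on a wrong passphrase
  bid_key = key.private_decrypt(sealed[:wrapped_key], OAEP)
  sealed[:items].to_h do |it|
    d = OpenSSL::Cipher.new("aes-256-gcm").decrypt
    d.key = bid_key
    d.iv = it[:iv]
    d.auth_tag = it[:tag]
    d.auth_data = it[:item_id].to_s
    [it[:item_id], d.update(it[:ct]) + d.final]            # final raises if tampered
  end
end

if __FILE__ == $PROGRAM_NAME
  pass = "correct horse battery staple"                    # constructed sample passphrase
  keys = generate_company_keys(pass)
  sealed = seal_bid(keys[:public_pem], { 101 => "1250.00", 102 => "89.90" })
  p open_bid(keys[:private_pem], pass, sealed)
end
```

In this layout the server still handles the plaintext price at submission and the passphrase at report time, so it limits exposure of stored data rather than removing the operator from the trust boundary.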