What is the best way to share/exchange the encryption keys from clients to save it in secrets manager? | C2C Community
Question

What is the best way to share/exchange the encryption keys from clients to save it in secrets manager?

  • 14 August 2021
  • 6 replies
  • 69 views

Userlevel 1

I just want to know the best way to share and get the encryption keys to and from clients.
Please let me know if anyone has gone through such scenarios.


6 replies

Userlevel 5
Badge +4

Why don’t you simply use Cloud KMS for encryption keys?

Userlevel 5
Badge +5

Hi @Deepak Suresh,

Google Cloud KMS is a great product to manage custom encryption keys. You have API libraries for many languages to manage the keys.
Cheers,

Alfons

Userlevel 1
Badge

Hi Deepak,

There are risks involved when it comes to sharing / getting keys to and from clients. I presume “client” is a service, SPA or other component. As others suggested, Cloud KMS is a service that you can leverage without the need for having your own key management solution, which would carry a lot of business risks.

The other option you have is Cloud HSM. With this service you can store your own encryption keys safely or avail of keys from Google and manage them on your own.

Userlevel 1

Why don’t you simply use Cloud KMS for encryption keys?

Thank you! I will have a look at Cloud KMS. But the current situation is:

We are currently using OpenPGP standards and 4096-bit asymmetric RSA encryption.

So we have a public key to encrypt the data and a private key to decrypt it.

1) The keys we generate and share with clients

2) Client-generated keys

* Client encrypts the data with the public key before sending it to us

* We decrypt the data with the private key and encrypt it again with the public key to send the data back to the client after the DLP scan.

So in order to decrypt and encrypt the data, the keys need to be exchanged between us and the client before they send the data.

That's why I asked the best way to share/exchange the keys.
Userlevel 1

Hi Deepak,

There are risks involved when it comes to sharing / getting keys to and from clients. I presume “client” is a service, SPA or other component. As others suggested, Cloud KMS is a service that you can leverage without the need for having your own key management solution, which would carry a lot of business risks.

The other option you have is Cloud HSM. With this service you can store your own encryption keys safely or avail of keys from Google and manage them on your own.

Thank you! I will check this one.

Userlevel 1
Badge
...

So in order to decrypt and encrypt the data, the keys need to be exchanged between us and the client before they send the data.

That's why I asked the best way to share/exchange the keys.
Public key exchange relies on each party properly identifying themselves before the exchange.

At the same time it’s usually also the easiest to accomplish without actually involving communication between any people.

As the public key contains no secret information it can be published anywhere, and should be easily available on the organisation's official and public website, on an HTTPS page belonging to the domain owned by the organisation. There are also several public key servers for PGP/GPG keys where keys can be published and verified.
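The point made in this last reply, that a public key fetched from a website or key server is only as trustworthy as the identity check behind it, can be turned into a concrete verification step. The following Python is an added example, not code from this thread or from Google Cloud: it computes the OpenPGP version 4 fingerprint of an RSA public-key packet as defined in RFC 4880 section 12.2 and compares it, in constant time, with a fingerprint obtained out of band (for instance from the organisation's HTTPS page). The modulus, exponent, creation time and function names are constructed for the demo; it builds the packet body itself and does not parse real ASCII-armored key files.

```python
import hashlib
import hmac
import struct


def _mpi(value: int) -> bytes:
    """Encode an integer as an OpenPGP MPI: 2-byte bit count, then big-endian bytes."""
    return struct.pack(">H", value.bit_length()) + value.to_bytes((value.bit_length() + 7) // 8, "big")


def rsa_public_key_packet_body(n: int, e: int, created: int) -> bytes:
    """Body of a version 4 public-key packet for algorithm 1 (RSA): version byte,
    4-byte creation time, algorithm id, then modulus and exponent as MPIs."""
    return b"\x04" + struct.pack(">I", created) + b"\x01" + _mpi(n) + _mpi(e)


def v4_fingerprint(body: bytes) -> str:
    """RFC 4880 12.2: SHA-1 over 0x99, the 2-byte body length and the body (40 hex digits)."""
    return hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body).hexdigest().upper()


def key_id(fingerprint: str) -> str:
    """The long key ID is the low-order 64 bits, i.e. the last 16 hex digits, of the fingerprint."""
    return fingerprint[-16:]


def key_matches_published_fingerprint(body: bytes, published: str) -> bool:
    """Compare a received key's fingerprint with one published out of band.
    Accepts the usual spaced or lower-case display form; compares in constant time."""
    wanted = published.replace(" ", "").upper()
    return hmac.compare_digest(v4_fingerprint(body), wanted)


# Constructed demo values: a 4096-bit-sized modulus that is NOT a real RSA key.
DEMO_N = (1 << 4095) | 0x1234567890ABCDEF
DEMO_E = 65537
DEMO_CREATED = 1628899200  # arbitrary creation time (2021-08-14 00:00:00 UTC)
DEMO_BODY = rsa_public_key_packet_body(DEMO_N, DEMO_E, DEMO_CREATED)

if __name__ == "__main__":
    fp = v4_fingerprint(DEMO_BODY)
    print("fingerprint:", " ".join(fp[i:i + 4] for i in range(0, 40, 4)))
    print("key id:     ", key_id(fp))
    # A key altered in transit (one modulus bit flipped) no longer matches the published value.
    tampered = rsa_public_key_packet_body(DEMO_N ^ 1, DEMO_E, DEMO_CREATED)
    print("tampered key matches:", key_matches_published_fingerprint(tampered, fp))
```

The same comparison applies whether the key was downloaded from the organisation's site or from a key server: only a fingerprint obtained through a second, independently verified channel makes the downloaded key trustworthy.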