KEEPING PRIVATE KEY AND DATA PRIVATE
HOW SHOULD I STORE MY PRIVATE KEY/DATA?
• A private key should never be stored anywhere in plaintext form
• The measures taken to protect a private key must be at least equal to
the required security of the messages encrypted with that key
• Convert the private key to a PKCS12 file
• PKCS12 defines a file format for storing many cryptographic objects
as a single file.
• A PKCS12 file may be encrypted and signed.
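The two rules above (never plaintext; the PKCS12 file may be encrypted) are easy to get half right. The following added example, written for this page and not taken from the slides, generates a key pair with a self-signed certificate, exports it three ways, and checks whether the private exponent can be found verbatim in each stored form. It uses the `cryptography` package (assumed installed); the common name, friendly name and passphrase are constructed for the demo.

```python
"""Added example: a PKCS12 bundle protects the private key only when it is
actually encrypted. Requires the `cryptography` package; names and the
passphrase below are constructed demo values."""
import datetime

from cryptography import x509
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import rsa
from cryptography.hazmat.primitives.serialization import pkcs12
from cryptography.x509.oid import NameOID


def make_self_signed(common_name: str):
    """Generate an RSA key and a one-year self-signed certificate for it."""
    key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, common_name)])
    now = datetime.datetime.now(datetime.timezone.utc)
    cert = (
        x509.CertificateBuilder()
        .subject_name(name)
        .issuer_name(name)
        .public_key(key.public_key())
        .serial_number(x509.random_serial_number())
        .not_valid_before(now)
        .not_valid_after(now + datetime.timedelta(days=365))
        .sign(key, hashes.SHA256())
    )
    return key, cert


def export_plaintext_der(key) -> bytes:
    """Unencrypted PKCS8 DER: the form the first rule forbids on disk."""
    return key.private_bytes(
        serialization.Encoding.DER,
        serialization.PrivateFormat.PKCS8,
        serialization.NoEncryption(),
    )


def export_pkcs12(key, cert, passphrase) -> bytes:
    """PKCS12 bundle; passphrase=None leaves the key bag unencrypted."""
    if passphrase is None:
        enc = serialization.NoEncryption()
    else:
        enc = serialization.BestAvailableEncryption(passphrase)
    return pkcs12.serialize_key_and_certificates(b"demo-key", key, cert, None, enc)


def import_pkcs12(blob: bytes, passphrase):
    key, cert, _chain = pkcs12.load_key_and_certificates(blob, passphrase)
    return key, cert


def exposes_key_material(blob: bytes, key) -> bool:
    """True if the RSA private exponent d appears verbatim in the stored bytes.
    DER stores d as a contiguous big-endian INTEGER, so this finds any
    unencrypted copy; an encrypted copy will not contain it."""
    d = key.private_numbers().d
    return d.to_bytes((d.bit_length() + 7) // 8, "big") in blob


def demo() -> dict:
    passphrase = b"constructed-demo-passphrase"  # demo value only
    key, cert = make_self_signed("demo.example")
    plain_der = export_plaintext_der(key)
    p12_open = export_pkcs12(key, cert, None)
    p12_sealed = export_pkcs12(key, cert, passphrase)
    loaded_key, loaded_cert = import_pkcs12(p12_sealed, passphrase)
    return {
        "plaintext_der_exposes_key": exposes_key_material(plain_der, key),
        "unencrypted_p12_exposes_key": exposes_key_material(p12_open, key),
        "encrypted_p12_exposes_key": exposes_key_material(p12_sealed, key),
        "round_trip_ok": (
            loaded_key.private_numbers().d == key.private_numbers().d
            and loaded_cert.public_bytes(serialization.Encoding.DER)
            == cert.public_bytes(serialization.Encoding.DER)
        ),
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

The point of the third check is that converting to PKCS12 is not by itself the protection: a PKCS12 file written with no encryption still carries the key bytes in the clear, and the passphrase that seals it has to be at least as strong as the data the key protects.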
OPTIONS FOR STORING THE PRIVATE KEY/DATA
• In the current user's keystore
• Running the application in a private network
• White-box cryptography
• An external device such as a smart card or other tamper-resistant hardware
USER'S KEYSTORE
• A keystore file is used to authenticate yourself to anyone who asks
• Protected by the OS ACL (access control list)
• It can be used to store personal certificates, sign data to be
transmitted and support a whole variety of authentication schemes
• Access to the key can be restricted to the superuser or to the
application that needs it
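The keystore's protection rests on the ACL bullet above, so the check belongs in the program that opens it. This added example (not from the slides) refuses a keystore file that is not owned by the current user or that grants any access to group or other users, and shows the lock-down that makes the same file acceptable. POSIX only; the file name, contents and modes are constructed for the demo.

```python
"""Added example: verify the OS permissions a keystore file relies on before
using it. POSIX-only; the keystore path and contents are constructed."""
import os
import stat
import tempfile
from typing import List

# Any bit in here grants read, write or execute to group or other users.
GROUP_OTHER_BITS = stat.S_IRWXG | stat.S_IRWXO


def keystore_permission_problems(path: str) -> List[str]:
    """Return the reasons a keystore file is not acceptably protected;
    an empty list means it passes."""
    problems = []
    link_st = os.lstat(path)
    if stat.S_ISLNK(link_st.st_mode):
        problems.append("path is a symlink; check the target, not the link")
    st = os.stat(path)
    if st.st_uid != os.geteuid():
        problems.append(f"owned by uid {st.st_uid}, not the current user")
    mode = stat.S_IMODE(st.st_mode)
    if mode & GROUP_OTHER_BITS:
        problems.append(f"mode {mode:o} grants access to group/other")
    return problems


def lock_down(path: str) -> None:
    """Owner read/write only (0600): the usual mode for key material."""
    os.chmod(path, stat.S_IRUSR | stat.S_IWUSR)


def demo() -> dict:
    with tempfile.TemporaryDirectory() as d:
        ks = os.path.join(d, "keystore.p12")
        with open(ks, "wb") as f:
            f.write(b"constructed placeholder, not a real keystore")
        os.chmod(ks, 0o644)  # world-readable: the state we want to catch
        before = keystore_permission_problems(ks)
        lock_down(ks)
        after = keystore_permission_problems(ks)
        final_mode = oct(stat.S_IMODE(os.stat(ks).st_mode))
    return {"before": before, "after": after, "mode": final_mode}


if __name__ == "__main__":
    print(demo())
```

The same idea is what ssh does when it refuses a private key with permissive modes; doing it in the application means a misconfigured deployment fails closed instead of quietly serving the key to every local user.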
PRIVATE NETWORK
• Separate the cryptographic process into its own program
• Keep private data and keys, and run the encryption and decryption
program, on a private IP address that is not reachable from outside
• This program never returns data in plaintext; it uses public/private
key cryptography to send data back in encrypted form
• It handles user and other authentication on behalf of the core application
• The mapping between the core application's members and DB columns can
be kept secret by encrypting the DB column names, so only the two programs
know which column holds what
• Use a secure protocol such as HTTPS between the programs
PRIVATE NETWORK (A SIMPLE MODEL)
[Diagram: Client → Core program (public IP) → Encryption program (private IP)]
• The client sends a request to the core program, which executes the main
application and forwards requests for authentication or sensitive data to
the encryption program
• Encryption program: cryptographic process, authentication, private data
encryption, DB management etc; its response is returned encrypted
• Encrypting the DB column names hides them from outside:
  Member_variable   Encrypted_DB_Column   DB_Column
  Password          [B@3aa8c31b           Password
  email             [B@1da13fb3           email
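The model above leaves two details to the implementer: the column-name mapping must be stable (the same column has to map to the same token every time, or the core program cannot look anything up), and everything that crosses the boundary must be an explicit encoding of the ciphertext. The `[B@...` values on the slide have the form of Java's default `toString()` for a `byte[]`, which prints the array object's identity hash rather than its contents, so they cannot be what is stored or compared. This added example (written for this page, not the slides' code) implements the encryption program's side: column names become keyed HMAC tokens (a deterministic choice made here; randomized encryption would not give a usable lookup key), values are sealed with AES-GCM bound to their column token, and every output is base64 text. It uses the `cryptography` package; keys, column names and the record are constructed for the demo.

```python
"""Added example: the encryption program of the private-network model.
The core program only ever handles column tokens and base64 ciphertext;
the keys never leave this class. Keys and records here are constructed."""
import base64
import hashlib
import hmac
import os

from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives.ciphers.aead import AESGCM


class EncryptionProgram:
    def __init__(self, column_key: bytes, data_key: bytes):
        self._column_key = column_key      # for column-name tokens
        self._aead = AESGCM(data_key)      # for column values

    def column_token(self, column: str) -> str:
        # Keyed, deterministic: same name -> same token, so it works as a
        # lookup key, but without the key the real name is not recoverable.
        mac = hmac.new(self._column_key, column.encode(), hashlib.sha256).digest()
        return base64.urlsafe_b64encode(mac[:16]).rstrip(b"=").decode()

    def encrypt_value(self, column: str, value: str) -> str:
        # Fresh nonce per value; the column token is authenticated data, so a
        # ciphertext moved to another column fails to decrypt.
        nonce = os.urandom(12)
        aad = self.column_token(column).encode()
        ct = self._aead.encrypt(nonce, value.encode(), aad)
        return base64.b64encode(nonce + ct).decode()   # explicit text encoding

    def decrypt_value(self, column: str, stored: str) -> str:
        raw = base64.b64decode(stored)
        aad = self.column_token(column).encode()
        return self._aead.decrypt(raw[:12], raw[12:], aad).decode()


def cross_column_rejected(prog: EncryptionProgram, column: str, stored: str) -> bool:
    """True if decrypting a value under the wrong column name is refused."""
    try:
        prog.decrypt_value(column, stored)
        return False
    except InvalidTag:
        return True


def demo() -> dict:
    prog = EncryptionProgram(os.urandom(32), AESGCM.generate_key(bit_length=256))
    record = {"Password": "constructed-hash-value", "email": "alice@example.com"}
    # What the core program hands to the database: tokens and ciphertext only.
    stored = {prog.column_token(c): prog.encrypt_value(c, v) for c, v in record.items()}
    recovered = {c: prog.decrypt_value(c, stored[prog.column_token(c)]) for c in record}
    plaintexts = list(record) + list(record.values())
    blobs = list(stored) + list(stored.values())
    return {
        "round_trip_ok": recovered == record,
        "tokens_stable": prog.column_token("email") == prog.column_token("email"),
        "tokens_distinct": len(stored) == len(record),
        "no_plaintext_in_store": not any(p in b for p in plaintexts for b in blobs),
        "ciphertexts_randomized": prog.encrypt_value("email", "x") != prog.encrypt_value("email", "x"),
        "cross_column_rejected": cross_column_rejected(
            prog, "email", stored[prog.column_token("Password")]),
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

Binding the column token into the AEAD's associated data is what makes the mapping more than obfuscation: a row copied from the Password column into the email column is rejected by the encryption program rather than decrypted and handed back.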
WHITE BOX CRYPTOGRAPHY
• Allows cryptographic operations to be performed without revealing any
portion of confidential information such as the cryptographic key
• Turns a given cipher into a representation where the operations on
the secret key are combined with random data and code, in such a
way that the random data cannot be distinguished from key
information.
WHITE BOX CRYPTOGRAPHY
• Implementations:
  • White-Box DES
  • White-Box AES
WHITE BOX CRYPTOGRAPHY
• Advantages
• cost-efficient: they are easy to distribute and to install;
• renewable: if a security flaw is discovered, updating the software or
distributing patches can be done remotely.
• Disadvantages
• Slower and require more resources (memory, processing power, etc.)
• Restricted to symmetric-key cryptography: there are no known white-box
implementations of public-key algorithms.
EXTERNAL DEVICE
• Use hardware-based cryptography devices to store private keys.
• Private keys are stored on smart card or tamper-resistant hardware
rather than on the computer's hard disk drive.
• All cryptography takes place in the crypto-hardware, so private keys
are never revealed to the operating system or cached in memory.

Securing private keys