[erlang-questions] Encrypting/Decrypting data

John Kemp <>
Sun May 1 02:31:47 CEST 2011


On Apr 30, 2011, at 6:25 PM, Chris Hicks wrote:

> This is a bit more of a general question than Erlang specific but I hope someone here can answer this, or simply point me to a place where it has already been answered.
> I'm writing a server in which I will be storing encrypted user data (unlike Sony). My problem is probably a product of zero experience with encryption combined with a lack of sleep, but I can't figure out how to do this securely. By that I mean I understand how to use crypto to encrypt/decrypt a piece of data but the Key and the Ivec have to be the same for both the encryption and decryption otherwise it doesn't work...so how do I make this happen without storing those two things "out in the open?" It seems like that can't be the optimal solution since anyone who could just grab those and decrypt the data. Am I missing something completely obvious?

You have it correct. The solution to your problem is to do what things like 'ssh' or Apache 'httpd' do, and use a key stored in a file with user-restricted permissions, which requires a passphrase to read. As your server starts, it will ask the user who starts it for the passphrase and then read the key. 


- John Kemp

> Chris Hicks.
> _______________________________________________
> erlang-questions mailing list
> http://erlang.org/mailman/listinfo/erlang-questions

More information about the erlang-questions mailing list