有没有参考模式用于与存储和检索每个用户的敏感信息.NET服务器应用程序，如第三方证书？

Are there any reference patterns for .Net server applications relating to storing and retrieving sensitive per user information such as 3rd party credentials?

我的preliminary设计思想是线沿线的：

My preliminary design thoughts are along the lines of:

在具有适当强私钥生成自签名的X509证书， 导出证书和密钥，并将它们存储在USB密钥将被锁定在一个宝箱和龙把守， 在设计我的服务器应用程序请求从窗户需求的私钥当前用户证书存储， 当一个新的服务器上安装服务器应用程序获取USB密钥并导入证书，并和标记私钥不可导出。

我的要求是：

减少尽可能的用户的敏感信息越来越受到损害，如果存储介质被攻破的风险。在我的情况下，存储介质可以是关系数据库或亚马逊的SimpleDB， 减少用户的敏感信息的风险越来越受到损害，如果净服务器的主机操作系统，在这种情况下，窗口的数据中心版，受到损害。

更新 3.忘记提到能够密钥更新定期是一个要求，使得同一prviate加密密钥不使用10年。

Update 3. Forgot to mention being able to rekey on a periodic basis is a requirement so that the same prviate encryption key isn't used for 10 years.

问题：

如果主机操作系统被损害攻击者可能安装一个恶意的应用程序作为我的.Net服务器来执行相同的解密操作。

更新 思考操作系统的妥协一些我意识到没有什么是可以的，如果一个熟练的攻击者可以访问来完成，但关键应受到保护，不满者管理员，即它比打开一个文件或注册表项的问题，提取私钥

Update Thinking about an OS compromise some more I realise there's nothing that can be done if a skilled attacker gains access but the keys should be protected from a malcontent administrator, i.e. it's more than a matter of opening a file or registry key to extract the private key.

我敢肯定，这个问题已经解决了一千次了，更乐意为纽带的答案，但搜索的安全加密式的主题为低信号高噪声。

I'm sure this problem has been solved a thousand times already, more than happy for a link answer, but searching on "security encryption" type topics is low signal high noise.

推荐答案

我不知道有任何具体的设计模式的但是你的.NET服务器应用程序有关的信息安全，最终，你只能做这么多，以确保您从用户请求任何信息，具体的存储的。

I'm not aware of any specific design patterns regarding security of information on your .NET server application, however, ultimately, you can only do so much to secure any information that you request from the user, and specifically, store.

如果你是存储将被用于验证您自己的应用程序将执行，存储，这是用盐腌单向散列函数的最好方法任何用户密码。通过这种方式，用户将每次与应用程序进行身份验证时提供密码，手工，纯文本，你会立即哈希明文密码和比较，与已存储的哈希密码。任何攻击，即使是与访问原始数据库，将有暴力破解逆向工程所有的盐渍哈希。没有不可能（给予足够的运算能力），但在所有的现实肯定不可能的。

If you are storing any user passwords that will be used for authentication that your own application will perform, the best way of storing this is with a salted one-way hash function. This way, the user is going to provide the password, manually, in plain text every time they authenticate with your application, and you will immediately hash that plain text password and compare that with the hashed password that you have stored. Any attacker, even one with access to the raw database, would have to brute-force reverse engineer all of your salted hashes. Not impossible (given enough computing power), but certainly improbable in all reality.

如果你存储的用户名/密码的用户提供给您，这样您的应用程序就可以使用这些凭据自动登录到用户的代表另一个应用程序或服务/进行身份验证，那么，我建议你​​不要这样做，如果该数据的安全性是至关重要的。

If you're storing usernames/passwords that the user is providing to you, such that your application can then use these credentials to automatically "log into"/"authenticate with" another application or service on the user's behalf, well, I would suggest that you don't do this if security of that data is paramount.

简单地说，即使你加密这些凭证（不管是对称或非对称加密）最终，该数据在某处被使用，要做到这一点，需要将其解密。这是在安全链中的薄弱环节可以这么说。

Put simply, even if you encrypt these credentials (whether that be symmetric or asymmetric encryption) ultimately, that data has to be used somewhere and for that to happen, it needs to be decrypted. This is the "weak link" in the security chain so to speak.

减少用户的敏感的风险   如果信息得到妥协   .NET服务器的主机操作系统，   在这种情况下，窗口的数据中心   版，就会大打折扣。

Reduce the risk of user's sensitive information getting compromised if the .Net server's host operating system, in this case Window's Data Center Edition, is compromised.

如果这种情况发生，全盘皆输。具有存储加密形式的数据不再意味着什么，因为如果Windows可以解密数据，这样可以一劳永逸，他先后获得了计算机/ OS的攻击者。他甚至需要尝试出口私人从Windows证书存储密钥，因为他可以下来解密链进一步注入了恶意code和简单的截取解密数据，因为它散发出来的解密过程

If this were to happen, all bets are off. Having the data stored in an encrypted form no longer means anything, as if Windows can decrypt that data, so can an attacker once he has access to the machine/OS. He wouldn't even need to attempt to "export" the private key from the Windows certificate store, as he could inject his malicious code further down the decryption chain and simply intercept the decrypted data as it comes out of the decryption process.

当然，保护用户的敏感数据的最好的方式是永远保存它。从用户的每一次请求它，使用它不管出于什么目的，你需要它，然后立即对其进行处理。在英国， PCI（支付卡行业）数据标准采用这种政策，关于 CVV codeS信用卡。商家可以存储信用卡号码，但从来没有CVV codeS在他们的数据库。

Of course, the finest way of protecting your user's sensitive data is to never store it at all. Request it from the user each and every time, use it for whatever purpose you need it for, then dispose of it immediately. In the UK, the PCI (Payment Card Industry) Data Standards adopt this policy with regard to the CVV codes on credit cards. Merchants can store the credit card numbers, but never the CVV codes in their databases.

如果您的必须的存储数据，然后通过各种手段对其进行加密，但请注意，加密并不一定是安全的数据，它只是增加了对什么是有效地混淆另一层攻击者谁可能会危害您的物理机或操作系统。

If you must store the data, then by all means encrypt it, but be aware that encrypting it doesn't necessarily "secure" the data, it just adds another layer of what is effectively obfuscation for an attacker who can potentially compromise your physical machine or Operating System.

如果要存储的数据，你必须有强劲的周边安全的（即的网络安全），你所能得到，precisely至prevent攻击者的潜力来访问服务器的操作系统。

If you are storing the data, you'll have to have as strong perimeter security (ie. Network security) as you can possibly get, precisely to prevent the potential for an attacker to gain access to the server's OS.

导出证书和密钥，   其存储在USB闪存盘，这将是   锁在一个宝箱和守卫   由龙，

Export the certificate and key and store them on a USB key which will be locked in a treasure chest and guarded by dragons,

除了作为一个坚固的防火墙，也许 IDS 系统，你可能希望得到这些小龙之一来保护您的服务器，太！ ：）

As well as a solid firewall and perhaps IDS system, you might want to get one of those dragons to guard your server, too! :)