Data security and encryption usually go hand in hand. Most people think that the more obscure the algorithm you use, the better your data security. The logic is that if nobody knows what algorithm I have used, surely nobody will be able to decrypt the data. This may be true, but only if your algorithm has no weak points. I am currently reading an excellent book, Number Theory for Computing by Song Yan (ISBN: 978-3-540-43072-8), and all I can say is that there is no way I could design an encryption algorithm that has no weaknesses.
It turns out that a much safer approach is to use a publicly available algorithm. Because the algorithm is public, it has presumably received a lot of scrutiny from cryptanalysts, and that scrutiny is what makes it safe to rely on. This means that the strength of the encryption lies entirely in the strength of the key and of the key store.
Key stores
PGP Universal Server is an enterprise-level key store application. This means that you, the programmers, can forget about the complexity and security nightmare that is secure storage of keys. A gross oversimplification is that you can say to the PGP Universal Server “decrypt this data with the key called ‘my key’ using algorithm ‘AES-256’”, supply the encrypted message and wait for the decrypted message to come back. Easy! All you have to do is create JNI wrappers around the PGP Universal Server’s libraries. Keep watching this space; we may just know someone who has already done all that work!
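The named-key interface described above, as an added example that is not code from this post or from PGP Universal Server: a hypothetical in-memory KeyStore, written here in Go with the standard library's AES-256-GCM, where the caller hands over a key name and a message and never touches key bytes, so with a public algorithm the only secret in play is the key the name resolves to.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
)

// KeyStore is a hypothetical in-memory stand-in for a key-store server. Callers
// refer to 32-byte AES-256 keys by name and never receive the key bytes.
type KeyStore map[string][]byte
// Generate stores a fresh random AES-256 key under name.
func (ks KeyStore) Generate(name string) {
	k := make([]byte, 32)
	rand.Read(k) // crypto/rand.Read is documented never to fail in current Go
	ks[name] = k
}
// aead wraps the named key in AES-256-GCM, a public and well-reviewed algorithm.
func (ks KeyStore) aead(name string) (cipher.AEAD, error) {
	k, ok := ks[name]
	if !ok {
		return nil, errors.New("unknown key: " + name)
	}
	block, _ := aes.NewCipher(k) // cannot fail: every stored key is 32 bytes
	return cipher.NewGCM(block)
}
// Encrypt returns nonce || ciphertext || tag under the named key.
func (ks KeyStore) Encrypt(name string, plaintext []byte) ([]byte, error) {
	g, err := ks.aead(name)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, g.NonceSize())
	rand.Read(nonce) // fresh nonce per message; never reuse one under the same key
	return g.Seal(nonce, nonce, plaintext, nil), nil
}
// Decrypt is the "decrypt this data with key called X using AES-256" request: a
// wrong key or a tampered message fails GCM authentication instead of returning garbage.
func (ks KeyStore) Decrypt(name string, msg []byte) ([]byte, error) {
	g, err := ks.aead(name)
	if err != nil {
		return nil, err
	}
	if len(msg) < g.NonceSize() {
		return nil, errors.New("message too short")
	}
	return g.Open(nil, msg[:g.NonceSize()], msg[g.NonceSize():], nil)
}
```

Decrypting under any name other than the one used to encrypt fails the GCM tag check, which is the property the post relies on: the algorithm is public, so everything rests on which key the store resolves.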
Tags: encryption, PGP