15.12. Cryptographic considerations of privacyIDEA

15.12.1. Encryption keys

The encryption key is a set of 3 256bit AES keys. Usually this key is located in a 96 byte long file “enckey” specified by PI_ENCFILE in The Config File. The encryption key can be encrypted with a password.

The three encryption keys are used to encrypt

  • data like the OTP seeds and secret keys stored in the Token table,
  • password of resolvers to connect to LDAP/AD or SQL (stored in the ResolverConfig table)
  • and optional additional values.

OTP seeds and passwords are needed in clear text to calculate OTP values or to connect to user stores. So these values need to be stored in a decryptable way.

15.12.2. Token Hash Algorithms

OTP values according to HOTP and TOTP can be calculated using SHA1, SHA2-256 and SHA2-512.

15.12.3. PIN Hashing

Token PINs are managed by privacyIDEA as the first of the two factors. Each token has its own token PIN. The token PIN is hashed with a seed with SHA2-256 and stored in the Token database table.

This PIN hashing is performed in lib.crypto:hash.

15.12.4. Administrator Passwords

privacyIDEA can manage internal administrators using The pi-manage Script. Internal administrators are stored in the database table Admin.

The password is stored using a PBKDF with SHA512 with 10023 rounds. The hash is salted and peppered. While the salt is stored in the Admin table created randomly for each admin password the pepper is unique for one privacyIDEA installation and stored in the pi.cfg file.

This way a database administrator is not able to inject rogue password hashes.

The admin password hashing is performed in lib.crypto:hash_with_pepper.

15.12.5. Audit Signing

The audit log is digitally signed. (see Audit and The Config File).

The audit log can be handled by different modules. privacyIDEA comes with an SQL Audit Module.

For signing the audit log the SQL Audit Module uses the RSA keys specified with the values PI_AUDIT_KEY_PUBLIC and PI_AUDIT_KEY_PRIVATE in The Config File.

By default the installer generates 2048bit RSA keys.

The audit signing is performed in lib.crypto:Sign.sign using SHA2-256 as hash function.