PHP, MySQL, and AES Encryption / Decryption for User Data?

You should be able to generate the public/private key pair on your personal machine, and then publish the public key in your app so the data can be encrypted. In this way the server never sees the private key, and if the server is hacked the data is still safe.

You should be able to generate the public/private key pair on your personal machine, and then publish the public key in your app so the data can be encrypted. In this way the server never sees the private key, and if the server is hacked the data is still safe. You'll want to make sure the whole transaction occurs over SSL.

The client side can generate a random session key, encrypt the data with that key (using AES), then encrypt the key with the public key from your app (using RSA), and send the encrypted data and key to the server. You could store the whole blob in one database field or two. The only way the data can be decrypted is to decrypt the key first, and the only way that can be done is by using the private key on your personal machine.

Update Check out plugins.jquery.com/project/jQuery-Gibber.... It's a JQuery plugin that appears to allow this type of scenario. I have no experience in using it, but it appears to me to be a good start.

New Update Just to be clear about what I'm suggesting, and to address your edit: You can't use only AES encryption. With AES there is one key that is used both to encrypt and decrypt. The key would have to exist wherever the encryption operation occurs, either in the client code, or on the web server.In the first case anyone can get your key.

In the second case, if the web-server is compromised, then the key, and the data, are also at risk. The solution is to use good, strong AES encryption in combination with public-key crypto (RSA). I'd suggest doing to the crypto on the client-side, for reason I'll outline below.

Here, though, are the steps I'd suggest: On your private machine create a public/private key pair, and keep the private key safe. Put the public key somewhere in the code you send to the client. When the user submits the form the client code: Generates a random AES key (the session key) Encrypts the form data Uses your public key, and the RSA algorithm, to encrypt the session key Discards the plaintext session key Sends the encrypted form data, and the encrypted session key to your server Your server accepts the encrypted form data, and stores it, along with the encrypted key, in the database.

You now have encrypted data in the database that can only be retrieved using the private key stored on your private machine. Even if the user somehow manages to capture the session key while it's in the clear on his machine, the worst that can happen is that that one record could be decrypted. The reason I'd suggest this client-side approach is that it means that your server never see the encryption keys in the clear.

If the same scheme where employed on the server-side then, theoretically, an attacker could be sitting on your server watching it happen. At the end of the day it basically comes down to how paranoid you want to be. Following this scheme, when you want to retrieve the data you'd dump the required data, in encrypted form, from the database to your private machine.

The for each chunk of encrypted data: Decrypt the session key using the RSA algorithm and your private key Decrypt the data using AES with the session key from step 1. Anyway, that's the approach I'd suggest. I'm sure there's libraries out there to handle this.

I'm not sure how that is supposed to work: AES_ENCRYPT can encrypt using only one string and one key. Anywhere that has access to the key has access to whatever is contained in the blob that the key encrypts. How can the server encrypt something without having access to that key?

– cwallenpoole Oct 26 '10 at 0:49 @Christopher W. Allen-Poole - You're assuming the encryption happens on the server. If it happens on the client, and then the client sends encrypted data and the key encrypted with a public key then there's nothing on the server that can decrypt it.

The server doesn't need to know the session key used to encrypt the data. – Andrew Cooper Oct 26 '10 at 0:59 @Andrew Cooper - I looked at the gibberish, jquery code but doesn't necessarily seem to function as stated and the "documentation" is horrible. I have added a new edit to further explain my goal.

– JM4 Oct 28 '10 at 14:31 @JM4: Like I said, I have no experience with Gibberish - I just found it through Google. I'm sure there are tools out there that will help you. See my update for a more detailed explanation of my suggested approach.

– Andrew Cooper Oct 28 '10 at 15:51 @Andrew Cooper - I have already started the process of going with your method and I do like it the best. Would you mind taking a look at my most recent edit if you get a shot. – JM4 Oct 28 '10 at 16:15.

Encrypts that data using AES and a "public" key ... decrypt the data ONLY with a private key But AES is a symmetric encryption algorithm - i.e. The same key is used for encryption and decryption. Or do you mean you want to implement something like SSL, where some assymetric algorithm is used for encrypting a randomly generated key then the end points use that key for a symeetric algorithm?

This kind of approach is only of benefit where the data to be encrypted is significantly larger than the keys used - is that the case here? Have a google for PHP and RSA or ELGamal for assymmetric encryption algortihms. (note it'll probably be significantly faster and easier to program if you shell out to something like GPG to do the encryption - there are wrappers on phpclasses for this).C.

1 for using GPG, fits the requirements perfectly without having to get your hands dirty with crypto. – SimonJ Oct 26 '10 at 19:55 Just remember to back up the key somewhere :) – SimonJ Oct 26 '10 at 19:56 ultimately, I am only trying to ensure that somebody cannot 'decrypt' the data within my database if the server is compromised (and by having the only 'decrypt key' stored locally, thought it was at least a strong security measure). – JM4 Oct 28 '10 at 14:30.

... That doesn't strike me as possible. MySQL's AES_DECRYPT method requires the encoded message as well as the original key in order to decrypt something. This means that anyone that can get the encryption key can decrypt the message.

But he doesn't want to decrypt it. He wants to store the data in the database in its encrypted form. Is that right @JM4?

– Andrew Cooper Oct 25 '10 at 23:23 That is correct - I may decrypt online using my own key in temporary situations but I never want to be able to look directly into the DB and see open data – JM4 Oct 26 '10 at 0:07 If I am trying to use the key "foo" to encrypt, then PHP needs to have AES_ENCRYPT( $password, 'foo' ) somewhere. This means that anyone who has read access to the file which controls encryption can then decrypt the database. If he's the only one with read access, though, then it shouldn't matter where the private key is.

– cwallenpoole Oct 26 '10 at 0:39 The answer is - don't encrypt on the server. Have the data encrypted on the client side, and sent to the server (and then stored in the database) in encrypted form along with the session key encrypted with the public key. The only way to decrypt the data is by first decrypting the session key using the private key that is kept, um, private.

– Andrew Cooper Oct 26 '10 at 1:02 1 @Christopher W. Allen-Poole: He did ask for AES. He also asked about using a "public key", hence my solution.

The beauty of doing it this way is that all his web and database servers ever see is cyphertext. The data is never "in the clear" on either of these systems, so compromise of the server can't compromise the data. – Andrew Cooper Oct 26 '10 at 21:49.

I cant really gove you an answer,but what I can give you is a way to a solution, that is you have to find the anglde that you relate to or peaks your interest. A good paper is one that people get drawn into because it reaches them ln some way.As for me WW11 to me, I think of the holocaust and the effect it had on the survivors, their families and those who stood by and did nothing until it was too late.