Databases
StackOverflow2013
Postsdbo
POPHP, MySQL, and AES Encryption / Decryption for User Data
 

Note that there are some explanatory texts on larger screens.

plurals
  1. POPHP, MySQL, and AES Encryption / Decryption for User Data
    primarykey
    data
    text
    <p>I am new to AES encryption but trying to build a solution which:</p> <ul> <li>Accepts consumer data</li> <li>Encrypts that data using AES and a "public" key</li> <li>Store that data in a MySQL database</li> <li>Have the ability to pull and decrypt the data ONLY with a private key (stored on my personal machine, not the server itself).</li> </ul> <p>I realize this may be overkill but want to be overly protection for my consumer data. </p> <p>A few things to note:</p> <ol> <li>This is not credit card information so please don't write telling me about PCI-DSS, it is other form of personal information all under 500 characters in length for each field.</li> <li>I may store pieces of the consumer information and others in a second database tied together by a unique member ID for additional security.</li> <li>Incoming MySQL calls can only be made to my server directly from my static IP.</li> <li>SSH root is disabled, ports changed, and so on so I feel my server is in faily good shape to prevent any "basic" misuse.</li> </ol> <p>I have looked for articles online and SO but have not found much in terms of keeping the private key off the server completely. Even if I need to keep on the server itself - thoughts or suggestions for how to move forward are appreciated.</p> <h2>EDIT - CLARIFICATION</h2> <p>Just to be more clear, the goal I am trying to achieve is this (in very basic form):</p> <ul> <li><p>Customer enters his/her phone number online.</p></li> <li><p>The phone number entered is encrypted online using key A and stored within the mysql db</p></li> <li><p>The customer will never be able to see the full phone again at this point, but can certainly update it (going through key A process a nth time)</p></li> <li>As a system administrator, I am only able to access the data by either downloading and decrypting the data on my local machine (that or I must first upload a temporary file which is used to then decrypt the data I need).</li> </ul> <h2>EDIT 2 - I'm a an idiot</h2> <p>I am using Andrew Cooper's response below but am having trouble getting my script to read the contents of the .pem file I generated. Based on the code below - how would I get $public key to correspond to a specific .pem file on my server?</p> <pre><code>&lt;?php if (isset($_SERVER['HTTPS']) ) { echo "SECURE: This page is being accessed through a secure connection.&lt;br&gt;&lt;br&gt;"; } else { echo "UNSECURE: This page is being access through an unsecure connection.&lt;br&gt;&lt;br&gt;"; } // Create the keypair $res=openssl_pkey_new(); // Get private key openssl_pkey_export($res, $privatekey); // Get public key $publickey=openssl_pkey_get_details($res); $publickey=$publickey["key"]; echo "Private Key:&lt;BR&gt;$privatekey&lt;br&gt;&lt;br&gt;Public Key:&lt;BR&gt;$publickey&lt;BR&gt;&lt;BR&gt;"; $cleartext = '1234 5678 9012 3456'; echo "Clear text:&lt;br&gt;$cleartext&lt;BR&gt;&lt;BR&gt;"; openssl_public_encrypt($cleartext, $crypttext, $publickey); echo "Crypt text:&lt;br&gt;$crypttext&lt;BR&gt;&lt;BR&gt;"; openssl_private_decrypt($crypttext, $decrypted, $privatekey); echo "Decrypted text:&lt;BR&gt;$decrypted&lt;br&gt;&lt;br&gt;"; ?&gt; </code></pre> <h2>EDIT 3 - maybe not 'idiot' but semicolons hate me</h2> <p>I had a semicolon misplaced. I am using the function: file_get_contents() but is there a more preferred method of reading in the data for the .pem file?</p>
    singulars
    1. PO
      singulars
      1. PTAnswer
    1. This table or related slice is empty.
    1. PTQuestion
    1. USJM4
    1. USJM4
    plurals
    1. PL
      singulars
      1. LTLinked
    1. This table or related slice is empty.
    1. This table or related slice is empty.
    1. PO
      singulars
      1. PTAnswer
    2. PO
      singulars
      1. PTAnswer
    3. PO
      singulars
      1. PTAnswer
    1. VO
      singulars
      1. POPHP, MySQL, and AES Encryption / Decryption for User Data
      1. This table or related slice is empty.
      1. VTUpMod
    1. This table or related slice is empty.
 

Querying!

 
Guidance
A row detail

Detail views are divided into sections. All the information in the data section comes from columns in the selected row. The other sections display data from other, related rows.

Related data can be related in a to-one or a to-many fashion. Captions of data related in a to-many fashion link to a list view showing a filtered view of the table.

Try moving around until you find a non-empty to-many entry and click on the label to get to one. You can move back to the root by clicking on the database name in the header.

SQuiL has stopped working due to an internal error.

If you are curious you may find further information in the browser console, which is accessible through the devtools (F12).

Reload