How can you encrypt user data so that only the user can decrypt it?

I was thinking of creating a web application that would allow people to enter text (using an SSL connection), and it would be encrypted before saving to the database. The goal would be to have it so that only users can decrypt it.

You could have users enter a key along with their data and enter it again when they want to see the data, rather than saving the key. However, this would be painful for the user.

However, if you saved the key on the server, you would have access to it and could decrypt their data.

I don't think it's possible to do this without the user entering the key every time or without saving the key, but is there some way that I haven't thought of? Perhaps generating a key from information that only the user knows? Something like cookies?

+4
3 answers

From the point of view of information security, this makes sense only if encryption/decryption is performed on the user's computer and not on your server (since there is no guarantee that you do not store the key and/or plain text). JavaScript is out of the question, so you need a client application *.

In addition, public key cryptography is computationally expensive. You might want to consider this if you have many users and you decide to encrypt/decrypt on the server.

* or a Java applet, but it's like the 90s. Silverlight or Flash may also work.

+1

You should study public key cryptography. The basic idea is that you can encrypt information using a public key, which can only be decrypted by the owner of the private key. In your scenario, the server will have a record of all the users' public keys and use them to encrypt information. Then your users will use their private keys, which the server never sees, to decrypt the data.

If you are looking for a way to store the private key on the client side, you can look at PersistJS.

+11

It sounds like you could do something with PGP. As mentioned in the previous post, you will have a public and private key. The private key can be protected with a passphrase. That way, you could potentially have the private key stored in the DB, since a passphrase is still needed to access it.

The huge problem is that if the user forgets this passphrase, they can lose this data. You can get around this using an alternative decryption key (ADK). This key is automatically encrypted by everyone and can be shared between several people.

+5
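
The scheme described in the second and third answers, as an added example that is not part of any answer: the server keeps each user's public key and a passphrase-encrypted private key, and only the passphrase holder can decrypt. It uses Node.js's built-in `crypto` module; the function names and the sample note are assumptions made for illustration.

```javascript
const { generateKeyPairSync, publicEncrypt, privateDecrypt,
        randomBytes, createCipheriv, createDecipheriv } = require('node:crypto');

// Client side, at sign-up: create the key pair. The private key is exported
// only as a passphrase-encrypted PEM, so storing it in the DB does not let
// the server use it.
function createUserKeys(passphrase) {
  return generateKeyPairSync('rsa', {
    modulusLength: 2048,
    publicKeyEncoding: { type: 'spki', format: 'pem' },
    privateKeyEncoding: { type: 'pkcs8', format: 'pem',
                          cipher: 'aes-256-cbc', passphrase },
  });
}

// Server side: needs only the public key. RSA can encrypt just a few bytes,
// so the text is encrypted with a random AES-256-GCM key and that key is
// wrapped with RSA-OAEP (the default padding of publicEncrypt).
// Note: the server still sees the plaintext at this moment.
function encryptForUser(publicKeyPem, plaintext) {
  const dataKey = randomBytes(32);
  const iv = randomBytes(12);
  const cipher = createCipheriv('aes-256-gcm', dataKey, iv);
  const ciphertext = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return { wrappedKey: publicEncrypt(publicKeyPem, dataKey),
           iv, ciphertext, tag: cipher.getAuthTag() };
}

// Client side: the passphrase unlocks the private key, which unwraps the
// AES key. A wrong passphrase or a modified record throws.
function decryptAsUser(encryptedPrivateKeyPem, passphrase, record) {
  const dataKey = privateDecrypt({ key: encryptedPrivateKeyPem, passphrase },
                                 record.wrappedKey);
  const decipher = createDecipheriv('aes-256-gcm', dataKey, record.iv);
  decipher.setAuthTag(record.tag);
  return Buffer.concat([decipher.update(record.ciphertext),
                        decipher.final()]).toString('utf8');
}

// Constructed sample run.
const demoKeys = createUserKeys('correct horse battery staple');
const demoRecord = encryptForUser(demoKeys.publicKey, 'my private note');
console.log(decryptAsUser(demoKeys.privateKey, 'correct horse battery staple', demoRecord));
```

Because the server holds the encrypted private key, the protection is only as strong as the passphrase, which must be entered and used on the client.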
