Geek Answers Handbook

PHP, MySQL and AES Encryption / Decryption for user data

I am new to AES encryption, but trying to create a solution that:

  • Accepts Consumer Data
  • Encrypts this data using AES and the "public" key
  • Store this data in a MySQL database
  • To be able to extract and decrypt data ONLY with a private key (stored on my personal machine, not the server itself).

I understand that this can be excessive, but you want to be excessively protected for my consumer data.

A few notes:

  • This is not credit card information, so please do not write to me about PCI-DSS, this is another form of personal information, all under 500 characters in length for each field.
  • I can store pieces of consumer information and others for a second database, combined with a unique member ID for added security.
  • Incoming MySQL calls can only be made on my server directly from my static IP.
  • SSH root is disabled, ports are changed, and so on, so I feel that my server is in a fail-safe form to prevent any "basic" abuse.

I searched for articles on the Internet and SO, but did not find much in terms of completely closing the private key from the server. Even if I need to keep it on the server myself, we value thoughts or suggestions on how to move forward.

EDIT - CONFIRM

To be more clear, the goal I'm trying to achieve is (in a very simple form):

  • The customer enters his phone number on the Internet.

  • The entered phone number is encrypted online using key A and mysql db

  • The client will never be able to see the full phone again but can, of course, update it (through the key process nth time)

  • As a system administrator, I can only access data by downloading and decrypting data on my local computer (this or I must first download a temporary file that is used to decrypt the data I need).

EDIT 2 - I'm an idiot

I am using Andrew Cooper answer below, but it is difficult for me to get my script to read the contents of the .pem file that I generated. Based on the code below: how can I get the $ public key corresponding to a specific .pem file on my server?

<?php if (isset($_SERVER['HTTPS']) ) { echo "SECURE: This page is being accessed through a secure connection.<br><br>"; } else { echo "UNSECURE: This page is being access through an unsecure connection.<br><br>"; } // Create the keypair $res=openssl_pkey_new(); // Get private key openssl_pkey_export($res, $privatekey); // Get public key $publickey=openssl_pkey_get_details($res); $publickey=$publickey["key"]; echo "Private Key:<BR>$privatekey<br><br>Public Key:<BR>$publickey<BR><BR>"; $cleartext = '1234 5678 9012 3456'; echo "Clear text:<br>$cleartext<BR><BR>"; openssl_public_encrypt($cleartext, $crypttext, $publickey); echo "Crypt text:<br>$crypttext<BR><BR>"; openssl_private_decrypt($crypttext, $decrypted, $privatekey); echo "Decrypted text:<BR>$decrypted<br><br>"; ?>

EDIT 3 - maybe not an β€œidiot”, but semicolons hate me

I had a semicolon. I use the function: file_get_contents (), but is there a more preferred reading method in the data for the .pem file?

+4
source share
3 answers

You should be able to generate a pair of public and private keys on your personal machine, and then publish the public key in your application so that the data can be encrypted. Thus, the server never sees the private key, and if the server is hacked, the data is still safe.

You want to make sure that the entire transaction is through SSL. The client side can generate a random session key, encrypt data using this key (using AES), then encrypt the key using the public key from your application (using RSA) and send encrypted data and the key to the server. You can save the entire block in one database field or two. The only way to decrypt data is to decrypt the key first, and the only way to do this is to use the private key on your personal machine.

Update

Check out http://plugins.jquery.com/project/jQuery-Gibberish-AES . This is a jQuery plugin that allows you to enable this type of script. I have no experience using it, but it seems to me that this is a good start.

New update

Just to understand what I am suggesting and refer to your editing:

You cannot use AES encryption only. AES has one key that is used for encryption and decryption. The key must exist wherever the encryption operation occurs, either in the client code or on the web server. In the first case, anyone can get your key. In the second case, if the web server is hacked, the key and data are also at risk.

The solution is to use good, strong AES encryption in combination with public key cryptography (RSA). I would suggest doing client-side cryptography because I will describe below. Here, however, there are steps that I propose:

  • On your private machine, create a pair of public / private keys and keep the private key safe.
  • Put the public key in the code that you send to the client.
  • When a user submits a form to client code:
    • Generates a random AES key (session key)
    • Encrypts form data
    • Uses your public key and RSA algorithm to encrypt the session key
    • Cancels a plaintext session key.
    • Sends encrypted form data and an encrypted session key to your server.
  • The server receives the data in an encrypted form and stores it together with the encrypted key in the database.

Now you have the encrypted data in the database, which can only be obtained using the private key stored on your private machine. Even if the user somehow manages to capture the session key while he is in a box on his machine, the worst that can happen is that one record can be decrypted.

The reason I propose this approach on the client side is because it means that your server never sees the encryption keys explicitly. If the same scheme is used on the server side, theoretically, an attacker can sit on your server, watching how this happens. In the end, it basically comes down to how you want to be paranoid.

Following this scheme, when you want to receive data, you must dump the required data in encrypted form from the database to your personal machine. For each piece of encrypted data:

  • Decrypt the session key using the RSA algorithm and your private key
  • Decrypt the data using AES using the session key from step 1.

In any case, I would suggest this approach. I am sure that there are libraries.

+5
source

Encrypts this data using AES and the "public" key ... decrypt data ONLY using the private key

But AES is a symmetric encryption algorithm, i.e. the same key is used for encryption and decryption.

Or do you want you to implement something like SSL, where some asymmetric algorithm is used to encrypt a randomly generated key, then endpoints use this key for a symbolic algorithm? This approach is suitable only in cases where the data to be encrypted is much larger than the keys used - is that the case here?

You have Google for PHP and RSA or ELGamal for asymmetric encryption algorithms. (note that it will probably be much faster and easier to program if you use the GPG shell for encryption - there are wrappers for phpclasses for this).

WITH.

+2
source

... This does not seem to me successful. MySQL method AES_DECRYPT requires an encoded message, as well as an original key, to decrypt something. This means that anyone who can get the encryption key can decrypt the message.

0
source

More articles:


All Articles