jamesmackinnon
asked on
Encrypting data in DB for web application (ideas needed)
Hi All
I am looking at building an encrypted web app in PHP on OpenBSD using mysql for backend data storage.
What I need to review is data encryption between 2 users. where the data can't be unencrypted by anyone else and need to ensure everything is kept accessible to the 2 users from any system any where.
I am looking at using two-way encryption of course on this data and one way encryption on the users passwords, but my issue is what should I be looking at to encrypt the data and only allow the receiving user the ability to decrypt the data from the person that submitted it to them. I know public-private keys would work, but I can't store these in the db as a cracker could then pull those stored keys to decrypt, so I need to be a little creative on how I should handle that, maybe keep the keys from others encrypted using the one way encrypted password of the user? if that, then what if the user changes their password, they would then be unable to decrypt the key to decrypt the messages.
Please offer some suggestions, I have a few ideas, but others always allow for ideas you may have not thought out.
Thanks again
James
I am looking at building an encrypted web app in PHP on OpenBSD using mysql for backend data storage.
What I need to review is data encryption between 2 users. where the data can't be unencrypted by anyone else and need to ensure everything is kept accessible to the 2 users from any system any where.
I am looking at using two-way encryption of course on this data and one way encryption on the users passwords, but my issue is what should I be looking at to encrypt the data and only allow the receiving user the ability to decrypt the data from the person that submitted it to them. I know public-private keys would work, but I can't store these in the db as a cracker could then pull those stored keys to decrypt, so I need to be a little creative on how I should handle that, maybe keep the keys from others encrypted using the one way encrypted password of the user? if that, then what if the user changes their password, they would then be unable to decrypt the key to decrypt the messages.
Please offer some suggestions, I have a few ideas, but others always allow for ideas you may have not thought out.
Thanks again
James
let your user encrypt the data using GPG or alike, then you can store the encrypted data in the database and only the owner of the private key can decrypt it.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Hey all
256-Bit SSL will be used between client/Server, thats not the issue. The issue is the storing of the data in the DB as to keep it encrypted where not even myself as the administrator would have any possible way to decrypt / recover the users data. It is 100% their responsibility to ensure they don't loose their keys/passwords, if lost, good bye to data. The data being stored is from very sr. People and is of the utmost sensitive where it must never been hacked / read by anyone other then the intended parties.
The system would be a central communications system. Basically, users would go to my system ,create a message for someone else and submit it, the system will then go through a "visual" now encrypting data process (thus, performance/delay not an issue) and will then stored the encrypted data to the DB. it would then notify the receiving user of the message that an encrypted communication event is waiting for them and to please go to the ECS to read the message.
Thus, the message would be created by the sender and can go to more then 1 person (as like email) so each message would have to be encrypted using a key that the sender and receiver could use to encrypt and decrypt a message.
My problem at this point is how do I save this information, make it safe for the users while allowing them to use any PC anywhere (web based) to encrypt and decrypt the messages.
Its a creative project. I am thinking how VJC2003 says, but, the second can't be stored anywhere but in the DB.
I was thinking more on the lines of
all users have keys that are used to encrypt/decrypt messages with all other users on the system. This key is stored in an encrypts table and is encrypted with the users unencrypted one-way password, thus, only if they login with the correct password can it decrypt the encrypt key to decrypt the messages in the system.
I think if its done this way, no one could do anything with the messages unless they know the users password, which will require a min of 8 random chars that must be changed every x amount of day. on password change, it would re-encrypt their encrypts passwords to the new string.
This way, everything could stay on the 1 system and not be system dependant (client side) while allowing all of the control to be in the hands of the user.
What encryption should I be using to store this data in the DB and it has to be PHP or mysql ready (built in) and be of the highest possible level (remember performance is not a huge issue because I am delaying login / logout with a we are now encrypting or we are now decrypting process to allow for the high level of encryption)
Sorry I didn't highlight all of this earlier, just thought of most of it since creating this, maybe this will help with the feedback being given
James
256-Bit SSL will be used between client/Server, thats not the issue. The issue is the storing of the data in the DB as to keep it encrypted where not even myself as the administrator would have any possible way to decrypt / recover the users data. It is 100% their responsibility to ensure they don't loose their keys/passwords, if lost, good bye to data. The data being stored is from very sr. People and is of the utmost sensitive where it must never been hacked / read by anyone other then the intended parties.
The system would be a central communications system. Basically, users would go to my system ,create a message for someone else and submit it, the system will then go through a "visual" now encrypting data process (thus, performance/delay not an issue) and will then stored the encrypted data to the DB. it would then notify the receiving user of the message that an encrypted communication event is waiting for them and to please go to the ECS to read the message.
Thus, the message would be created by the sender and can go to more then 1 person (as like email) so each message would have to be encrypted using a key that the sender and receiver could use to encrypt and decrypt a message.
My problem at this point is how do I save this information, make it safe for the users while allowing them to use any PC anywhere (web based) to encrypt and decrypt the messages.
Its a creative project. I am thinking how VJC2003 says, but, the second can't be stored anywhere but in the DB.
I was thinking more on the lines of
all users have keys that are used to encrypt/decrypt messages with all other users on the system. This key is stored in an encrypts table and is encrypted with the users unencrypted one-way password, thus, only if they login with the correct password can it decrypt the encrypt key to decrypt the messages in the system.
I think if its done this way, no one could do anything with the messages unless they know the users password, which will require a min of 8 random chars that must be changed every x amount of day. on password change, it would re-encrypt their encrypts passwords to the new string.
This way, everything could stay on the 1 system and not be system dependant (client side) while allowing all of the control to be in the hands of the user.
What encryption should I be using to store this data in the DB and it has to be PHP or mysql ready (built in) and be of the highest possible level (remember performance is not a huge issue because I am delaying login / logout with a we are now encrypting or we are now decrypting process to allow for the high level of encryption)
Sorry I didn't highlight all of this earlier, just thought of most of it since creating this, maybe this will help with the feedback being given
James
> What encryption should I be using to store this data in the DB and it has to be PHP or mysql ready ..
this way you need the private key of the sender which violates your requirements.
The sender has to encrypt the data herself on the client. Something like GPG as I already suggested
this way you need the private key of the sender which violates your requirements.
The sender has to encrypt the data herself on the client. Something like GPG as I already suggested
http://slacksite.com/apache/certificate.html