MySQL Encryption - where to store the key

Posted on 2010-11-21
Last Modified: 2012-05-10
I'm going to be encrypting some fields in my database using AES_ENCRYPT() and AES_DECRYPT(), and connecting to my webpage using SSL.

The point of the exercise is that my application will be hosting some very sensitive user information which nobody else - and that should include me or anyone else who somehow gains administrative access to the server - can read it.

I understand the basic concepts of public shared key encryption - but something I don't get is where are you supposed to store the "key" string that AES_ENCRYPT/DECRYPT needs? That seems like te weakest link in the chain, and no matter how strong the encryption is, if the key is easily retrievable it all pretty much counts for nothing.

So how and where am I supposed to store the key for doing the encryption/decryption?
Question by:Frosty555
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2

Expert Comment

ID: 34183336
You are correct, storing the key will always be the weakest link. Thats why many people use hash's for passwords so there is no way to get them back.

Without knowing your setup, the user or client password can be the encryption key. So when they logon you know have the key to decrypt and only the users knows. Its hard to give other idea's without more information of the who and the what.
LVL 31

Author Comment

ID: 34186272
Hi Stephen,

The easiest analogy to give to the system I'm developing is imagine a password vault system - each user registers for an account and then inputs their passwords / sensitive data into the system for safe keeping.  It's important that the security of the website permits only them to see the info, but equally as important for their own peace of mind that me or anyone in my company can't just go in the back-end and look at it either.

The other question is if you have several users who need access to the same piece of data, can you have multiple "decrypting" keys that work?

Accepted Solution

stephen_c01 earned 500 total points
ID: 34187468
Ok, so I am partial right, you should use their password as the encryption key. But now, how do you handle multiple access.

Something along the lines of.

You generate a random key say a md5 hash, that will actually be the encryption key for the users data. Now you encrypt the md5 hash with their password. Now, when they change their password you just decrypt and re-encrypt the md5 hash with the new password you and don't have to re-encrypt all of their data. In this method to get multiple users access to the same data you just decrypt the md5 hash; copy it and encrypt it with the other users password so they now have access to the md5 hash, which is the true key to the data.

IMO, you would want to layer this. you might want to use a unique md5 hash for each password in the password vault. So you can share some of the account and not all of the accounts.
LVL 31

Author Comment

ID: 34211231
I'm still sort of wrapping my head around what you've just said, but I think it makes sense. It also conveniently solves the problem of "isn't it a lot of overhead to reencrypt half the database whenever the user wants to change their password"

Cool, thank you for your help


Featured Post

Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Containers like Docker and Rocket are getting more popular every day. In my conversations with customers, they consistently ask what containers are and how they can use them in their environment. If you’re as curious as most people, read on. . .
In this series, we will discuss common questions received as a database Solutions Engineer at Percona. In this role, we speak with a wide array of MySQL and MongoDB users responsible for both extremely large and complex environments to smaller singl…
Sending a Secure fax is easy with eFax Corporate ( First, Just open a new email message.  In the To field, type your recipient's fax number You can even send a secure international fax — just include t…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question