MySQL Encryption - where to store the key

Posted on 2010-11-21
Last Modified: 2012-05-10
I'm going to be encrypting some fields in my database using AES_ENCRYPT() and AES_DECRYPT(), and connecting to my webpage using SSL.

The point of the exercise is that my application will be hosting some very sensitive user information which nobody else - and that should include me or anyone else who somehow gains administrative access to the server - can read it.

I understand the basic concepts of public shared key encryption - but something I don't get is where are you supposed to store the "key" string that AES_ENCRYPT/DECRYPT needs? That seems like te weakest link in the chain, and no matter how strong the encryption is, if the key is easily retrievable it all pretty much counts for nothing.

So how and where am I supposed to store the key for doing the encryption/decryption?
Question by:Frosty555
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2

Expert Comment

ID: 34183336
You are correct, storing the key will always be the weakest link. Thats why many people use hash's for passwords so there is no way to get them back.

Without knowing your setup, the user or client password can be the encryption key. So when they logon you know have the key to decrypt and only the users knows. Its hard to give other idea's without more information of the who and the what.
LVL 31

Author Comment

ID: 34186272
Hi Stephen,

The easiest analogy to give to the system I'm developing is imagine a password vault system - each user registers for an account and then inputs their passwords / sensitive data into the system for safe keeping.  It's important that the security of the website permits only them to see the info, but equally as important for their own peace of mind that me or anyone in my company can't just go in the back-end and look at it either.

The other question is if you have several users who need access to the same piece of data, can you have multiple "decrypting" keys that work?

Accepted Solution

stephen_c01 earned 500 total points
ID: 34187468
Ok, so I am partial right, you should use their password as the encryption key. But now, how do you handle multiple access.

Something along the lines of.

You generate a random key say a md5 hash, that will actually be the encryption key for the users data. Now you encrypt the md5 hash with their password. Now, when they change their password you just decrypt and re-encrypt the md5 hash with the new password you and don't have to re-encrypt all of their data. In this method to get multiple users access to the same data you just decrypt the md5 hash; copy it and encrypt it with the other users password so they now have access to the md5 hash, which is the true key to the data.

IMO, you would want to layer this. you might want to use a unique md5 hash for each password in the password vault. So you can share some of the account and not all of the accounts.
LVL 31

Author Comment

ID: 34211231
I'm still sort of wrapping my head around what you've just said, but I think it makes sense. It also conveniently solves the problem of "isn't it a lot of overhead to reencrypt half the database whenever the user wants to change their password"

Cool, thank you for your help


Featured Post

Is Your DevOps Pipeline Leaking?

Is your CI/CD pipeline a hodge-podge of randomly connected tools? You’ve likely got a tool to fix one problem & then a different tool to fix another, resulting in a cluster of tools with overlapping functionality. Learn how to optimize your pipeline with Gartner's recommendations

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Smart phones, smart watches, Bluetooth-connected devices—the IoT is all around us. In this article, we take a look at the security implications of our highly connected world.
A hard and fast method for reducing Active Directory Administrators members.
Sending a Secure fax is easy with eFax Corporate ( First, Just open a new email message.  In the To field, type your recipient's fax number You can even send a secure international fax — just include t…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question