Reputation: 51
Encrypting mysql text information / European language support
I'm working on an open-source project for hospice patients and volunteers. I want to support all European languages, and the patient information must be encrypted. I'm currently using the following:
- mysql table charset: CHARSET=utf8
- patient info field type (name, address, etc): varbinary(255)
- mysql encryption: AES_ENCRYPT
- key passed as: SHA2('My secret passphrase', 256)
Will these settings support all European languages? Does the encryption scheme seem reasonable?
Upvotes: 2
Views: 41
Answers (1)
Reputation: 108806
Yes, MySQL's AES_ENCRYPT() function will do round-trip encryption for text strings coded in utf-8. So this should work correctly for your cross-lingual application.
AES's output is a binary text string. If you're passing this data back and forth from clients to servers etc, I strongly suggest you encode it in Base-64 text strings, so it can be represented in transport- and storage- friendly ASCII.
TO_BASE64(AES_ENCRYPT(phrase, keyvalue))
will generate such an encoded string, and
AES_DECRYPT(FROM_BASE64(coded), keyvalue)
will decode it.
You asked if this is a reasonable encryption method. If you're building a web application, I don't think it's enough security for protected patient data. Why not? Because your web app must know the keyphrase for this to work. Because AES is symmetric encryption, the same keyphrase must be used for both encryption and decryption. That means it will be floating around on your web servers.
Web servers are often easier to penetrate than database servers, because database servers can be behind firewalls. So, if a cybercriminal cracks your system, he'll probably get into your web servers first. He can then get hold of the database encryption keyphrase easily. In fact, if your volunteers can search your tables by patient name, you'll be doing a lot of decryption of many names all the time.
So, sure, go ahead and use your proposed scheme as part of security-in-depth if you want. But keep in mind that it's insufficient. Don't count on it. You still need secure web servers, a robust user-authentication scheme, and proper firewalling.
Upvotes: 1
Related Questions
- Php Database - Content Encryption / Decryption
- MySQL Encryption
- Storing information encoded in mysql
- Western and Unicode Characters in PHP Crypt Method
- How would I store some encrypted strings in Mysql using php?
- MySQL European Characters
- AES_DECRYPT() and AES_ENCRYPT() in MySQL with Polish characters
- mysql encoding encrypted text
- Best way of encrypting text to store in mysql database
- php - storing encrypted string in mysql