homelessDevOps
homelessDevOps

Reputation: 20726

Encrypt / Decrypt Text in MySQL Column with PHP

I have to store some information (Text) in an MySQL Column (MediumBLOB). It works but I am not sure if this way is secure enough.

Please don't wonder that the encryption key is randomized. It works as designed :)

    $encryptionKeyRandom = str_random(12);
    $iv = mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB), MCRYPT_RAND);

    $encrypted_string = mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $encryptionKeyRandom, $input['item'], MCRYPT_MODE_ECB, $iv);
    $input['item'] = bin2hex($encrypted_string);
    // Save to DB

Suggestions for better security/encryption are welcome.

Upvotes: 0

Views: 245

Answers (1)

Xorifelse
Xorifelse

Reputation: 7911

mcrypt is outdated and hasn't been touched in quite a few years. I'm not saying that it isn't useable, just that there are faster alternatives available cause quite frankly, mcrypt is slow.

openssl is a better alternative and works much like mcrypt, but the best library is in my opinion sodium. However sodium is not yet available in php 7 and maybe bringing it to 7.1. but should be for other versions.

https://www.virendrachandak.com/techtalk/encryption-using-php-openssl/ helped me migrating from mcrypt to openssl, take a look.

Upvotes: 1

Related Questions