Reputation: 365
Encryption/Decryption key exchange PHP/SQL
I'm currently upgrading the security on one of the platforms I seal with. But, I am unable to crack how to securely store my encryption/decryption key.
Current setup:
MySQL server
Webserver
I need to store and read all sensitive data in the database using AES_ENCRYPT/AES_DECRYPT. But, the key for which the data is encrypted/decrypted I would like to store securely. So, in the case where someone gains access to the database or the webserver, they won't be able easily guess the key combination or read it out of a config file.
The key can change depending on the data I need to read/write.
Is this at all possible? First option I thought of was just to use a key combination based on some columns on the data I needed to read. But, that makes it possible to guess by looking at the code if someone was to get hold of both source code & database.
Any thoughts?
Upvotes: 1
Views: 158
Answers (1)
Reputation: 500
An easy and secure way to store your keys is by using a key management service like AWS KMS.
They (should) store keys on FIPS-140-2 validated hardware security modules which are designed for key storing and loading.
Online key management services do that in bulk and provide an api to use your key.
They are the industry standard and should be used to store keys securely since storing them in files or in the database can be secure but doesn't garantuee it.
Upvotes: 2
Related Questions
- Encrypting/Decrypting Passwords to and from a MySQL database
- Php Database - Content Encryption / Decryption
- Encryption of data introduced into Mysql database then read by PHP
- MySQL & PHP cross encryption / decryption algorithm?
- Best way to encrypt and decrypt data using php and mysql
- Secure way to store encryption keys - PHP
- Database encryption
- Database encryption - php/mysql
- Two-key encryption/decryption?
- PHP, MySQL, and AES Encryption / Decryption for User Data