how to approach encrypted private messaging with php and mysql

Question

I have a codeigniter application that allows users to register and log in to (their passwords are hashed). Now creating a messaging system is all fine but I need a way to keep the messages encrypted in the database. I was planning on using a public key system where every user will have a public/private key pair however I am not sure it's possible to safely store the private keys on the web server. Is there any way to do this?

Also I don't really want the user to have to enter a key or their own password every time they send a message.

Any guidance would be appreciated

Answer 1

You have various problems to solve, not just encrypt stuff and store it. If it's not encrypted at some point in time, that's a critical stage. Encrypting the messages and then storing them is technically easy but doesn't make much sense. Better ask for the pre encrypted message with a public key system and just store that. Trying to dumb down an encryption system just defeats the pourpose. Other problem is security of the private keys, what if they get stolen? All is worthless. Don't store keys, ever. It defeats the pourpose unless you are a james bond villian mastermind.

Answer 2

First ask yourself "Do I really need this information encrypted?" I would guess that, unless you're working for a bank, you probably don't. But if you reeeeaallly must, use CI's Encryption class:

http://codeigniter.com/user_guide/libraries/encryption.html