Encryption key storage

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

mshita
Forum Commoner
Posts: 32
Joined: Sat Jul 03, 2004 8:55 pm
Location: Portland, OR

Post by mshita »

I know... too many questions from me today :)

But I guess this is more of a general question than a PHP coding question. I have a MySQL database that has credit card information and some other confidential financial information. I'm going to be using Blowfish to encrypt all that information. But my question is, how do I securely store the encryption key? Is it safe to store the key in MySQL? Obviously I can't encrypt the key.
John Cartwright
Site Admin
Posts: 11470
Joined: Tue Dec 23, 2003 2:10 am
Location: Toronto

Post by John Cartwright »

You have to ask yourself: do you absolutely have to store their credit card information?
mshita
Forum Commoner
Posts: 32
Joined: Sat Jul 03, 2004 8:55 pm
Location: Portland, OR

Post by mshita »

Well yeah, the system I'm trying to build requires credit card information. My question is, is MySQL safe enough to store the encryption key? Or how would you store that key?
ol4pr0
Forum Regular
Posts: 926
Joined: Thu Jan 08, 2004 11:22 am
Location: ecuador

Post by ol4pr0 »

The only safe thing is to keep it off the internet... besides that, nothing is safe enough. But I guess it's more secure than storing it in some file. And are you using SSL connections for all this?

Interesting reading, maybe.

http://teaching.cs.uml.edu/MySQLdocs/My ... tions.html
patrikG
DevNet Master
Posts: 4235
Joined: Thu Aug 15, 2002 5:53 am
Location: Sussex, UK

Post by patrikG »

Why would you need to keep the private keys stored? Shouldn't the owners of the credit cards remember them? And if they forget their key, they have to enter the credit card details again.

If you have to keep the private keys stored in a file, keep them outside of any web-viewable folder. There is still a risk involved if you are on a shared server or if you are not administering your own server. It might be sensible, if you're paranoid (which is a good thing regarding security), to have the private key file stored on a different server.
Weirdan
Moderator
Posts: 5978
Joined: Mon Nov 03, 2003 6:13 pm
Location: Odessa, Ukraine

Post by Weirdan »

Do you need to use that data in decrypted form (e.g. pass it to a processing centre/gateway at some later date)? Off the top of my head, that's the only case when you need full credit card information; correct me if I'm wrong here.
Weirdan
Moderator
Posts: 5978
Joined: Mon Nov 03, 2003 6:13 pm
Location: Odessa, Ukraine

Post by Weirdan »

smurf wrote: My question is, is MySQL safe enough to store the encryption key? Or how would you store that key?
If it were safe enough, you wouldn't have to encrypt the information in it :) If you do, you're by definition considering the MySQL db not safe enough :)
rehfeld
Forum Regular
Posts: 741
Joined: Mon Oct 18, 2004 8:14 pm

Post by rehfeld »

I wouldn't store them at all.

Unless you are HIGHLY confident your method of storage is extremely secure, odds are someone can break into it without too much effort.

SQL injection is one possibility. Another: shared server problems are VERY real, and often make hacking a site a piece of cake.

If I could gain access to your encrypted CC nums, even without the encryption key, all I need to do is download them to my local box and have a cracking program go at them. Probably won't take very long.

I think if you're asking questions about security such as this, you're probably not yet ready/capable of storing them securely enough. That's not a bad thing, it just takes experience, which will come in time. Please be realistic about your capabilities, and the capabilities of others.

I urge you to take all the precautions for security you can. I've had my credit card number plastered all over the internet because someone hacked a website I bought something from. It caused me a lot of problems, as you can imagine. Identity theft can ruin people's lives.
timvw
DevNet Master
Posts: 4897
Joined: Mon Jan 19, 2004 11:11 pm
Location: Leuven, Belgium

Post by timvw »

If you insist on storing the decrypted info, I would use something like GPG and only make the public key available on the server (it is enough to encrypt).

And then have the private key on a different, absolutely secure machine. Then you can retrieve the encrypted data from the webhost and decrypt it on the secure machine.
patrikG
DevNet Master
Posts: 4235
Joined: Thu Aug 15, 2002 5:53 am
Location: Sussex, UK

Post by patrikG »

timvw wrote: If you insist on storing the decrypted info, I would use something like GPG and only make the public key available on the server (it is enough to encrypt).
I wouldn't use GnuPG, because you have to use a shell command to access it and pass the private key as a parameter. That could be a huge security risk if you don't have full control over your server - someone would simply need to check the shell's cache... I'd recommend using mcrypt.
timvw
DevNet Master
Posts: 4897
Joined: Mon Jan 19, 2004 11:11 pm
Location: Leuven, Belgium

Post by timvw »

I don't really see the security issue?

webhost [database holds public key and encrypted data]
securehost [holds private key]

- webhost only needs the public key to encrypt the data.
- the encrypted data may only be downloaded from webhost to securehost.
- then the decryption (using the private key) and processing of the data should happen on the secure host.

Don't see how that would make the private key available to the webhost.
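An added example (not code from the thread) of the split timvw describes, written with PHP's bundled libsodium (PHP 7.2 and later) instead of GPG: the webhost holds only the public key and can only seal records, while the keypair stays on the secure host, the only place opening happens. The key file path and the card number are constructed for the demo.

```php
<?php
// One-time setup, run ON THE SECURE HOST. Only 'public_key' is ever copied
// to the webhost; 'keypair' (secret + public) never leaves this machine.
function generateKeypair(): array
{
    $keypair = sodium_crypto_box_keypair();
    return [
        'keypair'    => $keypair,
        'public_key' => sodium_crypto_box_publickey($keypair),
    ];
}

// Webhost side. The public key lives in a file outside the document root
// (path is an assumption for this example), so it is never web-viewable.
function loadPublicKey(string $path = '/etc/myapp/card.pub'): string
{
    $key = @file_get_contents($path);
    if ($key === false || strlen($key) !== SODIUM_CRYPTO_BOX_PUBLICKEYBYTES) {
        throw new RuntimeException('public key missing or malformed');
    }
    return $key;
}

// Sealed box: anyone holding the public key can encrypt, but nothing on the
// webhost can decrypt, so a dump of the MySQL table yields only ciphertext.
// Base64 so the blob fits a TEXT column without binary-escaping trouble.
function sealForSecureHost(string $plaintext, string $publicKey): string
{
    return base64_encode(sodium_crypto_box_seal($plaintext, $publicKey));
}

// Secure host side. seal_open needs the full keypair and authenticates the
// blob, so a tampered or wrongly-keyed record is rejected rather than garbled.
function openFromWebhost(string $b64, string $keypair): string
{
    $sealed = base64_decode($b64, true);
    $plain  = ($sealed === false) ? false : sodium_crypto_box_seal_open($sealed, $keypair);
    if ($plain === false) {
        throw new RuntimeException('record rejected: tampered or wrong key');
    }
    return $plain;
}

// Round trip with a constructed test card number (not a real card).
$keys = generateKeypair();                                          // secure host
$row  = sealForSecureHost('4111111111111111', $keys['public_key']); // webhost
echo openFromWebhost($row, $keys['keypair']) === '4111111111111111' ? "ok\n" : "fail\n"; // secure host
```

In production the webhost would call loadPublicKey() instead of generateKeypair(), and the secure host would read the keypair from its own protected storage; the demo keeps both halves in one script only so the round trip can be run on a single machine.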
patrikG
DevNet Master
Posts: 4235
Joined: Thu Aug 15, 2002 5:53 am
Location: Sussex, UK

Post by patrikG »

If you press <arrow key up> in a shell, it'll go through every shell command entered so far.
Weirdan
Moderator
Posts: 5978
Joined: Mon Nov 03, 2003 6:13 pm
Location: Odessa, Ukraine

Post by Weirdan »

It isn't a major security breach if one can obtain the public key, as all he will be able to do is add more information to the database.
patrikG
DevNet Master
Posts: 4235
Joined: Thu Aug 15, 2002 5:53 am
Location: Sussex, UK

Post by patrikG »

When you decrypt with GNUPG you have to pass it the private key. Yes, you can point it to a file, but on a shared server the security risk is really(!) considerable.
timvw
DevNet Master
Posts: 4897
Joined: Mon Jan 19, 2004 11:11 pm
Location: Leuven, Belgium

Post by timvw »

I agree that if decryption is going to happen on the shared/insecure server it is a waste of time (could have stored the data as plain text then).

But if the decryption/handling happens on a different, "secure" box, it seems quite safe to me.

(PS: the arrow-up thing is why we have unset hist(ory) :) )