Encryption key storage
I know... too many questions from me today
But I guess this is more of a general question than a PHP coding question. I have a MySQL database that has credit card information and some other confidential financial information. I'm going to be using Blowfish to encrypt all that information. But my question is, how do I securely store the encryption key? Is it safe to store the key in MySQL? Obviously I can't encrypt the key.
- John Cartwright
- Site Admin
- Posts: 11470
- Joined: Tue Dec 23, 2003 2:10 am
- Location: Toronto
The only safe thing is to keep it off the internet... besides that, nothing is safe enough. But I guess it's more secure than storing it in some file. And are you using an SSL connection for all this?
Interesting reading, maybe.
http://teaching.cs.uml.edu/MySQLdocs/My ... tions.html
Why would you need to keep the private keys stored? Shouldn't the owners of the credit cards remember them? And if they forget their key, they have to enter the credit card details again.
If you have to keep the private keys stored in a file, keep them outside of any web-viewable folder. There is still a risk involved if you are on a shared server or if you are not administering your own server. It might be sensible, if you're paranoid (which is a good thing regarding security), to have the private key file stored on a different server.
smurf wrote: My question is, is MySQL safe enough to store the encryption key? Or how would you store that key?
If it were safe enough, you wouldn't have to encrypt the information in it.
I wouldn't store them at all.
Unless you are HIGHLY confident your method of storage is extremely secure, odds are, someone can break into it w/out too much effort.
SQL injection is one possibility. Another: shared server problems are VERY real, and often make hacking a site a piece of cake.
If I could gain access to your encrypted cc nums, even w/out the encryption key, all I need to do is download them to my local box and have a cracking program go at them. Prob won't take very long.
I think if you're asking questions about security such as this, you're probably not yet ready/capable of storing them securely enough. That's not a bad thing, it just takes experience which will come in time. Please be realistic about your capabilities, and the capabilities of others.
I urge you to take all precautions for security you can. I've had my credit card number plastered all over the internet because someone hacked a website I bought something from. It caused me a lot of problems as you can imagine. Identity theft can ruin people's lives.
If you insist on storing the decrypted info, I would use something like gpg and only make the public key available on the server. (is enough to encrypt)
And then have the private key on a different, absolutely secure machine. Then you can retrieve the encrypted data from the webhost, and decrypt at the secure machine.
timvw wrote: if you insist on storing the decrypted info, i would use something like gpg and only make the public key available on the server. (is enough to encrypt)
I wouldn't use GNUPG, because you have to use a shell command to access it and pass the private key as a parameter. That could be a huge security risk if you don't have full control over your server - someone would simply need to check the shell's cache... I'd recommend using mcrypt.
I don't really see the security issue?
webhost [database holds public key and encrypted data]
securehost [holds private key]
- webhost only needs the public key to encrypt the data.
- the encrypted data may only be downloaded from webhost to securehost.
- then the decryption (using private key) and processing of the data should happen on the secure host.
Don't see how that would make the private key available to the webhost.
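The webhost/securehost split described in the post above, as an added example that is not part of the original thread. It uses PHP's libsodium sealed boxes (PHP 7.2+) in place of gpg, so no shell command or private-key parameter is involved on the webhost; the function names and the card number are constructed for illustration.

```php
<?php
// securehost only: create the keypair once. The secret half never leaves this machine.
function securehost_new_keypair(): string {
    return sodium_crypto_box_keypair();
}

// webhost: encrypt with the public key alone; the result is what goes into the database.
function webhost_seal(string $cardNumber, string $publicKey): string {
    if (strlen($publicKey) !== SODIUM_CRYPTO_BOX_PUBLICKEYBYTES) {
        throw new InvalidArgumentException('unexpected public key length');
    }
    return base64_encode(sodium_crypto_box_seal($cardNumber, $publicKey));
}

// securehost: decrypt a row that was downloaded from the webhost.
function securehost_open(string $stored, string $keypair): string {
    $raw = base64_decode($stored, true);
    $plain = $raw === false ? false : sodium_crypto_box_seal_open($raw, $keypair);
    if ($plain === false) {
        throw new RuntimeException('row is corrupt, tampered with, or sealed to another key');
    }
    return $plain;
}

// --- demo with constructed values ---
$keypair   = securehost_new_keypair();               // stays on securehost
$publicKey = sodium_crypto_box_publickey($keypair);  // copied to webhost

$row = webhost_seal('4111111111111111', $publicKey); // constructed test number

// Someone who copies the database holds the row and the public key; neither opens the row.
$otherPair = sodium_crypto_box_keypair();
try {
    securehost_open($row, $otherPair);
    echo "unexpected: opened without the secret key\n";
} catch (RuntimeException $e) {
    echo "without the secret key: ", $e->getMessage(), "\n";
}

// A modified row is rejected instead of decrypting to garbage.
$bytes = base64_decode($row);
$bytes[10] = $bytes[10] ^ "\x01";
try {
    securehost_open(base64_encode($bytes), $keypair);
} catch (RuntimeException $e) {
    echo "tampered row: ", $e->getMessage(), "\n";
}

echo "securehost reads: ", securehost_open($row, $keypair), "\n";
```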