How to use Asymmetric Encryption for Storing Data in MySQL

Posted: Mon Apr 02, 2007 2:36 pm
by RudyG
I've been searching for days and I'm unable to get a good handle on this problem. I've found a treasure trove of "theoretical" articles on the subject - it seems possible - but almost no implementation examples. Any advice and practical examples would be much appreciated.

Here's what I'm trying to do... I'm collecting data from users and want to store it encrypted within MySQL. I want to use Asymmetric Encryption so that the script uses a public key to encrypt, and a "secret" private key is used to decrypt. Obviously, the private key is NEVER stored on the server in any way. The decrypt script/function would only be accessible to the admin, and the private key must be entered manually by the admin via an SSL connection whenever they want to view any data in the database.

Posted: Mon Apr 02, 2007 3:07 pm
by Kieran Huggins
seems to me that once the data is encrypted you can put it wherever you want. What does encryption have to do with storage?

If you only want encryption at the storage layer you could implement a translator in the form of a data object. Read: viewtopic.php?t=48499 and imagine an "encrypt" and "decrypt" function in the getValue() and setValue() methods.

btw - awesome article Mauggs!

Posted: Tue Apr 03, 2007 6:30 am
by RudyG
Kieran Huggins wrote: seems to me that once the data is encrypted you can put it wherever you want. What does encryption have to do with storage?
Very astute - encryption has nothing to do with storage... But since I began researching this project, I've seen NO examples of using Asymmetric Encryption within PHP code. Therefore, my question includes its use in context.

I'm looking for info and help regarding the use of Asymmetric Encryption within PHP - not a DB wrapper... Thanks anyway...

Posted: Tue Apr 03, 2007 6:52 am
by stereofrog
RudyG,

Check the openssl functions: http://www.php.net/manual/en/ref.openssl.php

Take into account that asymmetric keys are usually pretty long, so you have to consider other methods than entering a key in a web form.
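
Added example, not part of any post in this thread: one way to do what the thread asks with the openssl functions linked above. RSA can only encrypt a short value directly, so each value gets a random AES-256-GCM key that is wrapped with the public key (RSA-OAEP). Assumptions: PHP 7.1+ with the OpenSSL extension; the function names and the record layout are hypothetical, chosen for this example.

```php
<?php
// Added example. Only the public key is needed on the web server.
function encrypt_for_storage(string $plaintext, string $publicKeyPem): string
{
    $pub = openssl_pkey_get_public($publicKeyPem);
    $key = random_bytes(32);   // one-time AES-256 key for this value
    $iv  = random_bytes(12);   // 96-bit GCM nonce
    $tag = '';
    $ct  = openssl_encrypt($plaintext, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $iv, $tag);
    if ($pub === false || $ct === false
        || !openssl_public_encrypt($key, $wrapped, $pub, OPENSSL_PKCS1_OAEP_PADDING)) {
        throw new RuntimeException('encryption failed');
    }
    // Layout (assumed): 2-byte length | wrapped key | iv | tag | ciphertext, base64 for a TEXT column.
    return base64_encode(pack('n', strlen($wrapped)) . $wrapped . $iv . $tag . $ct);
}

function decrypt_from_storage(string $stored, string $privateKeyPem, string $passphrase = ''): string
{
    $priv = openssl_pkey_get_private($privateKeyPem, $passphrase);
    $raw  = base64_decode($stored, true);
    if ($priv === false || $raw === false || strlen($raw) < 30) {
        throw new RuntimeException('bad private key or malformed record');
    }
    $len     = unpack('n', $raw)[1];
    $wrapped = substr($raw, 2, $len);
    $iv      = substr($raw, 2 + $len, 12);
    $tag     = substr($raw, 14 + $len, 16);
    $ct      = substr($raw, 30 + $len);
    if (!openssl_private_decrypt($wrapped, $key, $priv, OPENSSL_PKCS1_OAEP_PADDING)) {
        throw new RuntimeException('key unwrap failed');
    }
    $pt = openssl_decrypt($ct, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $iv, $tag);
    if ($pt === false) {
        throw new RuntimeException('ciphertext failed authentication');
    }
    return $pt;
}

// Constructed demo: a throwaway key pair generated in memory, with a constructed value.
$pair = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
openssl_pkey_export($pair, $privPem, 'demo-passphrase');   // passphrase-protected PEM
$pubPem = openssl_pkey_get_details($pair)['key'];
$row = encrypt_for_storage('constructed sample value', $pubPem);
var_dump(decrypt_from_storage($row, $privPem, 'demo-passphrase') === 'constructed sample value');
```

The string returned by encrypt_for_storage() is what goes into the MySQL column; decrypt_from_storage() needs the private key PEM, which in the setup described in the first post would be supplied by the admin at view time.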