PHP纯文本加密-保持密钥安全

Question

In a typical web scenario, a website user will come along, use a website, fill out a form, and transmit the data to the server for storage in the database. Now let's say we needed to ensure their address was encrypted as it was top secret, and only those with access to the back end of the website should be able to see what that address was - this is reasonably easy to achieve right? We would just store an encryption key server-side which would be used to generate the encrypted data, store the data in the DB, and we would just use the key again to decrypt it.

Now supposing someone at the hosting company were to browse the files on your server - they could very easily get access to this encryption key, and then use it to decrypt any data they wanted, since all addresses in the database have been encrypted with the same key!

I am just trying to cover every base with the new security model, and in a "trust no one" policy I am looking at ways of stopping the hosting company from getting at the data too.

So does anyone have any suggestions to prevent those with server access from obtaining the key and decrypting data? Would password salting help in any way, or would they still be able to decrypt data quite easily.

I can't think of a way around the issue. Does anyone have any suggestions to solve this particular problem?

Answer 1

Encrypt and decrypt in the browser everything sent to the host. Use a passphrase entered on the client to do the cryptography, and never send the passphrase to the host. There's a fuller description at Host-proof Hosting

Answer 2

I guess that's a risk when it comes to shared hostings. I'm using amazon aws for most of my projects and linode for my personal blog. Both solutions are in the model "you are your own sysadmin" and nobody peeks in your machines.

If I was in your shoes, I'd use mcrypt with a variable key. For example, whe username field of the same row. This way, for the data to be compromised, the intruder would need to get access to both your database and source code to figure out how to decrypt the data. At that point your problem would be far worse than a mere information leak.

Answer 3

Well mostly hosting companies have access to all databases and files that is bad really bad.

Few years ago I did some experimenting with encryption and decryption.

The best way would be to have personal servers, but that isn't cheap.

Example RC4 encryption requires key to crypt data. Now tricky part is to make that key also encrypted with some other encryption like BASE 64 , ATOM 128. This wont make it be 100% secure

But It will be really hard to decrypt data.

I hope you can understand me.

Cheers :)

btw point is there is no 100% secure data.

Answer 4

If you don't need to be able to decrypt the data online, this is an ideal situation for public-key cryptography . In particular, a sealing API. For example, using libsodium (PHP 7.2):

Encryption

$store_me = sodium_crypto_box_seal($plaintext, $box_publickey);
sodium_memzero($plaintext);

Decryption

$plaintext = sodium_crypto_box_seal_open($stored_msg, $box_keypair);

---

If, however, you do need to be able to decrypt the data from the webserver, then anyone who accesses the webserver can just pilfer the keys and decrypt your data. No cryptography algorithm can stop someone with the keys from decrypting messages.

Always start with a threat model .