如何在加密的数据库字段上实现搜索
[英]How to implement search on encrypted database fields
问题描述
Iam Using PHP & MySql for my web application. 
Iam在我的Web应用程序中使用PHP和MySql。 I have a requirement where I need to encrypt user specific information, say name & email_id. 我有一个需要加密用户特定信息(例如姓名和email_id)的要求。
$name = "Kevin John";
$encryptionMethod = "AES-256-CBC";
$secretHash = "25c6c7ff35b8879b151f2136cd13574";
$enc_name = openssl_encrypt($textToEncrypt, $encryptionMethod, $secretHash);
Iam storing this encrypted name in my database. 我将这个加密的名称存储在我的数据库中。 But the real problem is that I need to search the users based on their name.For example:- 但是真正的问题是我需要根据用户名进行搜索,例如:
$qry = "select * from users where name like %john%";
Any suggestion appreciated 任何建议表示赞赏
3 个解决方案
解决方案1
0 2018-11-12 13:26:42
It is not suggested to encrypt the data that you want to search on. 建议不要对要搜索的数据进行加密。
- you can either choose not to encrypt the field that you want to search on. 您可以选择不加密要搜索的字段。
or you can fetch all the data, decrypt and search if the row contains what you want on the app layer(I would not suggest this approach).
或者您可以获取所有数据,解密并搜索该行是否包含您想要在应用层上显示的内容(我不建议这种方法)。 // Pseudocode $searchTerm = 'john'; $allNamesQuery = 'select * from users'; $allNamesData = execQuery($allNamesQuery); $suggestions = []; foreach($allNamesData as $row){ $row = decryptNameFromRow($row); if(contains($row['name'], $searchTerm)) array_push($suggestions, $row); } print_r($suggestions);Please suggest if there are any alternatives.
请提出是否有其他选择。
解决方案2
0 2018-11-12 17:34:48
You may have several options, some easy some not 您可能有几种选择,有些简单,有些没有
- search / key fields are usually stored unencrypted to overcome this problem (you don't want this apparently) 搜索/关键字段通常未加密存储以解决此问题(您显然不需要这样做)
- as already suggested - scanning the whole table, decrypting every record would work, but may not be feasible 正如已经建议的那样-扫描整个表,解密每条记录都可以,但是可能不可行
- you may use static IV achieving deterministic encrytion, encrypt the searched term and search already encrypted value. 您可以使用静态IV实现确定性加密,对搜索到的术语进行加密并搜索已经加密的值。 Knowing that static IV is lowering (and sometimes breaking) the security level 知道静态IV会降低(有时会破坏)安全级别
- you may have a look at homomorphic encrytion specifically designed for operations over encrypted data, but without knowing what are you doing that may be very steep and error prone path to implement own crypto (not recommended even for seasoned professionals). 您可能会看到专为加密数据操作而设计的同态加密,但是却不知道自己在做什么,这可能非常陡峭并且容易出错,以实现自己的加密(即使是经验丰富的专业人员也不建议这样做)。 I did not dare to go through this door yet. 我还不敢穿过这扇门。
- you may store cryptographic hashes (eg sha256) of the indexed values (maybe along encrypted values) . 您可以存储索引值的加密哈希值(例如sha256)(也许沿着加密值)。 Then you could just search for a hashed search term without being able to recoved original value 然后,您可以仅搜索散列的搜索词,而无法获得原始值
- you may use static IV achieving deterministic encrytion, encrypt the searched term and search already encrypted value.
解决方案3
0 2018-11-13 11:08:54
Use AES Encryption & Decryption in SQL for implementing search on encrypted DB fields. 在SQL中使用AES加密和解密来实现对加密数据库字段的搜索。 syntax:- 句法:-
AES_ENCRYPT('Text_to_encrypt', 'secret_key')
AES_DECRYPT('Text_to_decrypt', 'secret_key')
First encrypt & store the data in DB using AES Encryption in sql
首先使用sql中的AES加密将数据加密并存储在DB中 INSERT INTO User (fname,email,mobile) VALUES (AES_ENCRYPT('Arun gopan', 'Qwfe345dgfdg'), AES_ENCRYPT('arun123@fa.com', 'Qwfe345dgfdg'),'9658475577');
Now you can query the DB using AES DECRYPT in sql for performing search operations.
现在,您可以使用sql中的AES DECRYPT查询数据库以执行搜索操作。 SELECT AES_DECRYPT(fname,'Qwfe345dgfdg'), AES_DECRYPT(email,'Qwfe345dgfdg') FROM User WHERE AES_DECRYPT(fname,'Qwfe345dgfdg') LIKE '%Arun%';
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.