1

I am using MySQL db and PHP and much of the db data are already encrypted with user-supplied passwords and the excellent encryption class by ircmaxwell found here It's working perfectly.

$e = $crypt->base64_encode(encrypt($string, $password));
$e2 = $crypt2->decrypt(base64_decode($string), $password);

But is there any way to automatically encrypt and decrypt data directly by the server without even MY being able to know the password somehow? I'm just brainstorming, but maybe "whole table encryption" as a function in MySQL?!!! Or some PHP feature that obfusticates in a refusticationable way? :-) A built-in encrypt/decrypt within PHP, perhaps? So that ONLY the computer will be able to encrypt/decrypt the data...I couldn't access it even if I'm fully in control of the database and the php code? Even if someone had a gun to my head or put bamboo under my fingernails or other such ghastly things?

I want to have a reasonably secure plausible deniability in saying, "I actually couldn't know what's in there even if I wanted to." For certain columns that are NOT able to be encrypted with a user-supplied password. Seems I'm stuck either creating a plain string or else encrypting that string with, ahem, yet another string.

It seems like I can't be the only one trying to achieve this but I've searched and searched and can't find a similar application being discussed...let alone solved. All the pages seem to assume that one knows the passphrase already or else is trying to crack it from the encrypted data. A Catch-22. Or maybe a Schroedinger's Cat?

Any help will be greatly appreciated. Thank you!

Community
  • 1
  • 1
user1149499
  • 573
  • 4
  • 12
  • 30
  • I'm not exactly sure what you're asking... – RoraΖ Jul 25 '14 at 17:45
  • Perhaps relevant? http://blogs.msdn.com/b/ericlippert/archive/2011/09/27/keep-it-secret-keep-it-safe.aspx – ntoskrnl Jul 25 '14 at 17:48
  • @raz I just edited the title to make it more clear. – user1149499 Jul 25 '14 at 17:52
  • @ntoskrnl, no, this is more general than what I'm looking for. Unless there's a way for the server to secretly create and store the public and private key for encrypting/decrypting a particular bit of data. I don't see the way this would apply but thank you for the link just the same! – user1149499 Jul 25 '14 at 17:56
  • So you want the server to be able to encrypt and decrypt anything it's storing without a password given by the user? – RoraΖ Jul 25 '14 at 18:01
  • @raz - Yes! And without me being able to look at the stored data and figure out how to decrypt! – user1149499 Jul 25 '14 at 18:03
  • Because if the server generates $password and encrypts, it has to somehow store $password to decrypt...and all I need to do is look at the MySQL table and voila: I can decrypt too. – user1149499 Jul 25 '14 at 18:04

1 Answers1

0

You can unset variables before the end of your script, such that they will not be accessible after it has been ran. Aside from that, unless you look into SSL, the server won't encrypt things unless you tell it what to encrypt and how.

Perhaps you can also look into having randomly generated decryption keys generated in the client, tell the user to save those keys, and not keeping them. This is how mega.co.nz operates.

Additional relevant discussion in comments.

Pablo Canseco
  • 554
  • 1
  • 10
  • 24
  • thank you for the suggestion. In this case the user part is not a problem. But I need to have NONuser-input encryption by the server, for the server, and nothing but the server. Even with SSL, the server would have the public and private key pair, which could be used by the admin to gain access. In the case of UNSET, that would work GREAT if it were a session...but this will involve one action happening in one place and another action happening elsewhere (different computer, maybe different country). I could see it ENCRYPTING fine, but after the session ends, how to decrypt? – user1149499 Jul 25 '14 at 19:28
  • You can't decrypt unless someone, be it the server, the user, or the admin knows the key. If the key is discarded, decryption becomes highly difficult. I'm not aware of any algorithm that allows for keyless decryption. – Pablo Canseco Jul 25 '14 at 19:50
  • But is there a way for the server to know AND STORE the key without the user or admin knowing what it is? If I can answer that, then I might be golden. I see ways to use it dynamically while the session is going, but not how to retain it for use days or weeks or months later when it's needed. – user1149499 Jul 25 '14 at 19:54
  • No. anything stored by the server is accessible to a sufficiently determined individual. – Pablo Canseco Jul 25 '14 at 20:26
  • Okay...then that's probably the answer I'm looking for. Do you want to post it as an answer? (Can you answer twice?) I'll select it in a day or so if I don't get some other creative solutions. Thank you for taking the time and I hope this question is SO worthy. I got marked down for some others and really tried hard to ask it well. – user1149499 Jul 25 '14 at 20:37
  • You can just accept this one, I edited it to draw attention to the comments. – Pablo Canseco Jul 25 '14 at 20:40
  • Thank you @Pirate43...this was helpful. I realized how to get around this problem, too, but only because I gave up trying to have a keyless encrypting done on the stored data. So this turned out to solve the problem, too...though via a Plan B since my original thought wasn't possible. THANK YOU! – user1149499 Jul 26 '14 at 02:17