0

I am trying to write an application that requires me to encrypt users' data. I have a couple of questions regarding encryption:

  • Is "defuse/php-encryption" secure to use in a business environment?

  • How to use this script to insert and retrieve the data from a MySQL database?

  • The "correct" way to store encryption keys?

I am trying to store the encrypted information in a BLOB field in a MySQL database.

After I've inserted the data into the database (a simple PDO insert) it will say:

       "DANGER! DANGER! The ciphertext has been tampered with!"

I assume this has something to do with me inserting the data into the database!

The idea I had was generating one key, storing the generated key somewhere in a PHP script and using only one key.

What is the most secure way of:

  • generating a key?

  • storing the key?

  • fetching & decrypting the data at a later date?

Any help || reading material is greatly appreciated!

Dan
  • For the tampering: I would file an issue on the GitHub repository, but keep in mind that it returns **raw binary** so you need to `base64_encode()` it before storing it in a TEXT field in a database then `base64_decode()` it before decryption. – Scott Arciszewski May 14 '15 at 21:12
  • 1
    "Is "defuse/php-encryption" secure to use in a business environment?" -> It's the most secure one I've encountered, except libsodium (which requires a PECL extension) – Scott Arciszewski May 14 '15 at 21:16
  • Thank you for taking the time to post some comments. So what you are saying is I need to follow these steps: Generate key > encrypt data > base64_encode() > insert data > fetch data > base64_decode() > decrypt? Could you point me in the direction of the correct way of storing the generated keys, e.g. a text file (I've read storing it in a MySQL database is not the way)? – Dan May 18 '15 at 08:17
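
The sequence listed in the last comment (generate key, encrypt, `base64_encode()`, insert, fetch, `base64_decode()`, decrypt), as an added example that is not from the thread or from the library's own documentation. It assumes the defuse/php-encryption 2.x API installed via Composer (which may differ from the version the thread used), an in-memory SQLite database standing in for MySQL, and a hypothetical `user_secrets` table; the last step shows how a value damaged in storage surfaces as an integrity failure rather than as garbage plaintext.

```php
<?php
// Added example. Assumptions: defuse/php-encryption 2.x via Composer, pdo_sqlite
// available, hypothetical table name, constructed sample plaintext.
require __DIR__ . '/vendor/autoload.php';

use Defuse\Crypto\Crypto;
use Defuse\Crypto\Key;
use Defuse\Crypto\Exception\WrongKeyOrModifiedCiphertextException;

function storeSecret(PDO $pdo, Key $key, string $plaintext): int
{
    // Third argument true = raw binary output, the case the comment describes.
    $raw = Crypto::encrypt($plaintext, $key, true);
    $stmt = $pdo->prepare('INSERT INTO user_secrets (secret) VALUES (:secret)');
    $stmt->execute([':secret' => base64_encode($raw)]); // text-safe before storage
    return (int) $pdo->lastInsertId();
}

function fetchSecret(PDO $pdo, Key $key, int $id): ?string
{
    $stmt = $pdo->prepare('SELECT secret FROM user_secrets WHERE id = :id');
    $stmt->execute([':id' => $id]);
    $encoded = $stmt->fetchColumn();
    if ($encoded === false) {
        return null; // no such row
    }
    $raw = base64_decode($encoded, true); // strict mode rejects non-base64 bytes
    if ($raw === false) {
        throw new RuntimeException('Stored value is not valid base64');
    }
    return Crypto::decrypt($raw, $key, true); // throws if the MAC does not verify
}

$key = Key::createNewRandomKey(); // held in memory for this run only
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE user_secrets (id INTEGER PRIMARY KEY, secret TEXT NOT NULL)');

$id = storeSecret($pdo, $key, 'constructed sample record');
echo fetchSecret($pdo, $key, $id), PHP_EOL; // intact round trip

// Simulate a value cut short in storage (e.g. a column that is too narrow).
$pdo->prepare('UPDATE user_secrets SET secret = substr(secret, 1, length(secret) - 4) WHERE id = :id')
    ->execute([':id' => $id]);
try {
    fetchSecret($pdo, $key, $id);
} catch (WrongKeyOrModifiedCiphertextException $e) {
    echo 'Integrity check failed: stored ciphertext was altered', PHP_EOL;
}
```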

0 Answers