1

I have been asked to do some research on how form submission data can be encrypted and ensure that it is stored securely in a database. The form submission will contain personal details about employees and these must be kept secure.

I have come across AES_ENCRYPT() during my research and have managed to apply this function so that it stores the data successfully in the database.

Example SQL statement I used:

"INSERT INTO employee (firstname) VALUES (AES_ENCRYPT('$name', '$encryption_key'))"

However, I have very limited knowledge in this area and am not sure if this is sufficient enough protection to prevent the data being hacked. What level of security does this provide? Is there anything that I have missed or another technique I could use to improve my implementation?

Additionally, I have stored the encryption key in a separate PHP file but I do not know what the recommended way to store it is. Any advice on this would be much appreciated.

Sorry if this question is vague or quite broad. I am a complete beginner in this area. I am happy to provide more information if it is needed.

Jade
  • 23
  • 6
  • 2
    Encryption is pretty irrelevant if you're susceptible to [SQL injection](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php). You should build your queries with [prepared statements](http://php.net/manual/en/pdo.prepared-statements.php). – Alex Howansky Apr 06 '17 at 14:43
  • I simplified my statement to reduce the amount of code in the question, but have used: $stmt = $conn->prepare("INSERT INTO employee (firstname) VALUES (AES_ENCRYPT(?, '$encryption_key'))"); $stmt->bind_param("s", $name); – Jade Apr 06 '17 at 14:44
  • Ok good, thought that might be the case. – Alex Howansky Apr 06 '17 at 14:45
  • Very good point though! I did see a lot of examples explaining how to use AES_ENCRYPT that did not use prepared statements so as a beginner it can be quite easy to overlook them. – Jade Apr 06 '17 at 14:50
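The following is an added example, not code from the question or from anyone in the thread. It shows the pattern the comments above converge on: a PDO prepared statement in which the name, the key and the IV are all bound parameters (so the key never appears in the SQL text), with the session switched from MySQL's default `aes-128-ecb` block mode to CBC and a fresh random IV stored next to each ciphertext. The table layout (`firstname VARBINARY(255)`, `firstname_iv BINARY(16)`), the `EMPLOYEE_ENC_KEY` environment variable as the place the 32-byte key lives outside the web root, and the connection details are assumptions for the example; `block_encryption_mode` and the third `init_vector` argument of `AES_ENCRYPT()` exist from MySQL 5.6.17.

```php
<?php
// Added example (not the question's or answer's code): AES_ENCRYPT in CBC mode
// with a per-row IV, everything passed as bound parameters through PDO.
// Assumed schema:
//   employee (id INT AUTO_INCREMENT PRIMARY KEY,
//             firstname VARBINARY(255), firstname_iv BINARY(16))
// Assumed key source: 32 raw bytes in the EMPLOYEE_ENC_KEY environment variable,
// set by the web server config rather than a PHP file under the document root.

$pdo = new PDO('mysql:host=localhost;dbname=hr;charset=utf8mb4', 'app', 'app-password', [
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false,   // real server-side prepares
]);

$key = getenv('EMPLOYEE_ENC_KEY');
if ($key === false || strlen($key) !== 32) {
    throw new RuntimeException('EMPLOYEE_ENC_KEY must be exactly 32 bytes');
}

// AES_ENCRYPT defaults to aes-128-ecb, which maps equal names to equal ciphertexts.
// CBC with a random IV per row removes that leak. The setting is per session, so
// it must be issued on every new connection.
$pdo->exec("SET SESSION block_encryption_mode = 'aes-256-cbc'");

function storeFirstName(PDO $pdo, string $key, string $name): int
{
    // One fresh 16-byte IV per row; it is not secret, so it is stored in clear.
    $iv = random_bytes(16);

    $stmt = $pdo->prepare(
        'INSERT INTO employee (firstname, firstname_iv) VALUES (AES_ENCRYPT(?, ?, ?), ?)'
    );
    $stmt->bindValue(1, $name, PDO::PARAM_STR);   // plaintext, never interpolated
    $stmt->bindValue(2, $key,  PDO::PARAM_LOB);   // key as a binary parameter
    $stmt->bindValue(3, $iv,   PDO::PARAM_LOB);   // IV used by AES_ENCRYPT
    $stmt->bindValue(4, $iv,   PDO::PARAM_LOB);   // same IV kept for AES_DECRYPT
    $stmt->execute();

    return (int) $pdo->lastInsertId();
}

function loadFirstName(PDO $pdo, string $key, int $id): ?string
{
    $stmt = $pdo->prepare(
        'SELECT AES_DECRYPT(firstname, ?, firstname_iv) AS firstname
           FROM employee WHERE id = ?'
    );
    $stmt->bindValue(1, $key, PDO::PARAM_LOB);
    $stmt->bindValue(2, $id,  PDO::PARAM_INT);
    $stmt->execute();

    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // AES_DECRYPT returns NULL when the key or IV does not match the stored bytes.
    return ($row === false || $row['firstname'] === null) ? null : $row['firstname'];
}

$id = storeFirstName($pdo, $key, 'Alice');
echo loadFirstName($pdo, $key, $id), PHP_EOL;
```

Two things are worth checking after adopting this: `SHOW VARIABLES LIKE 'block_encryption_mode'` on the connection that runs the inserts should report `aes-256-cbc`, and inserting the same name twice should produce two different `firstname` byte strings. If the second check fails, the mode change did not take effect and the rows are still ECB.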

1 Answer

0

AES (Rijndael) crypto is pretty doggone secure. In practice, unless your data is tremendously valuable, you can consider it secure. Unless some actor with vast resources decides they want to crack your encryption, nobody will.

But it's symmetric. It uses the same key to encrypt and decrypt stuff. So, you can consider it to be as secure as your key.

Your key is insecure. If a cybercreep cracks the server running your php code, they immediately get access to your key. And that gives them access to your encrypted data. And they have a bright neon road sign saying "here's the data I think is sensitive."

Don't forget that security depends on the weak link. Generally it's considered smarter to use your money and time to secure your server, rather than use symmetric encryption on a few columns of a dbms. In other words, with respect, you're probably wasting your time doing this column based encryption.

If you absolutely must encrypt data at rest, you should consider using an asymmetric (public / private key) cryptosystem. Encrypt stuff using the public key, and keep the private key on an airgapped secure system in case you need to decrypt some data.

Your example (first name) isn't sensitive enough to be worth this trouble.

O. Jones
  • 103,626
  • 17
  • 118
  • 172
  • Thank you for your advice. Do you know where I could find information that would help me learn how to use an asymmetric (public / private key) cryptosystem? Or would you be able to provide details explaining this further? – Jade Apr 06 '17 at 15:49
  • @Jade An asymmetric system is most useful in a many-one relationship, i.e. if you have multiple senders encrypting data, but only one receiver decrypting it. In your scenario, you would be able to send a public key to the clients, and have them encipher their data before sending it back to you, where you could then decrypt it with your server-side private key to read. But that would be a waste of time, because that's functionally just HTTPS. If you keep your key secure, which is a lot harder than it might sound, this symmetric scheme is fine, if of debatable utility. – F. Stephen Q Apr 06 '17 at 21:12
  • "AES (Rijndael) crypto is pretty doggone secure": 100% agree if you use it in the right mode of operation (CBC, CTR, GCM, etc...). But this code has no IV, so I get a funny feeling that she is using it in the insecure ECB mode. As for asymmetric crypto, it only helps if he does **not** need to decrypt the data on the same system. If she does need to decrypt on the same system, then best to stick with the AES. – TheGreatContini Apr 06 '17 at 21:35
  • @F. Stephen Q Thank you, keeping the key secure was my main issue I was having. I have no experience in this area and have no idea what the best practice is for keeping my key safe. Would you be able to suggest how I could achieve this? – Jade Apr 07 '17 at 09:51
  • @TheGreatContini I have come across solutions using OpenSSL which use an IV but I do not how to implement it using AES_ENCRYPT(). – Jade Apr 07 '17 at 09:52
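As an added example (not code from the answer or the commenters), this is what the answer's "encrypt with the public key, keep the private key on an air-gapped system" suggestion looks like at the application layer, with the caveat from the comments built in: the web server only ever holds the public key, so it cannot read the data back, and `decryptOffline()` is meant to run on the separate machine that holds the private key. RSA can only encrypt a short message, so the example wraps a random AES data key with the public key and encrypts the field itself with AES-GCM. It assumes PHP 7.1+ with the openssl extension; the key pair generated at the bottom is a self-test stand-in for the real pair, whose private half would never be on the server.

```php
<?php
// Added example, not the page's code: hybrid public-key encryption for a field
// that the web server must write but never read. Assumes PHP >= 7.1 with openssl.

function encryptForOfflineReader(string $publicKeyPem, string $plaintext): array
{
    // Fresh data key and nonce for this one value.
    $dataKey = random_bytes(32);
    $iv      = random_bytes(12);
    $tag     = '';

    $ciphertext = openssl_encrypt($plaintext, 'aes-256-gcm', $dataKey, OPENSSL_RAW_DATA, $iv, $tag);
    if ($ciphertext === false) {
        throw new RuntimeException('openssl_encrypt failed');
    }

    $pub = openssl_pkey_get_public($publicKeyPem);
    if ($pub === false) {
        throw new RuntimeException('public key could not be parsed');
    }

    // Only the public key is needed here; OAEP padding, not the legacy PKCS#1 v1.5.
    $wrappedKey = '';
    if (!openssl_public_encrypt($dataKey, $wrappedKey, $pub, OPENSSL_PKCS1_OAEP_PADDING)) {
        throw new RuntimeException('openssl_public_encrypt failed');
    }

    // All four parts go into the database; none of them reveals the plaintext
    // or the data key without the private key.
    return [
        'wrapped_key' => $wrappedKey,
        'iv'          => $iv,
        'tag'         => $tag,
        'ciphertext'  => $ciphertext,
    ];
}

// Intended to run only on the machine that holds the private key.
function decryptOffline(string $privateKeyPem, array $record): string
{
    $priv = openssl_pkey_get_private($privateKeyPem);
    if ($priv === false) {
        throw new RuntimeException('private key could not be parsed');
    }

    $dataKey = '';
    if (!openssl_private_decrypt($record['wrapped_key'], $dataKey, $priv, OPENSSL_PKCS1_OAEP_PADDING)) {
        throw new RuntimeException('openssl_private_decrypt failed');
    }

    // GCM verifies the tag; any modification of ciphertext, IV or tag fails here.
    $plaintext = openssl_decrypt(
        $record['ciphertext'], 'aes-256-gcm', $dataKey, OPENSSL_RAW_DATA, $record['iv'], $record['tag']
    );
    if ($plaintext === false) {
        throw new RuntimeException('ciphertext or authentication tag rejected');
    }
    return $plaintext;
}

// Self-test only: a throwaway key pair generated in-process. In real use the pair
// is generated on the offline system and only the public PEM is copied to the server.
$pair = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
openssl_pkey_export($pair, $privatePem);
$publicPem = openssl_pkey_get_details($pair)['key'];

$record = encryptForOfflineReader($publicPem, 'Alice');
var_dump(decryptOffline($privatePem, $record) === 'Alice');
```

The design only pays off in the situation TheGreatContini describes: the web application inserts records but some other process, on a system without the private key exposure of the web server, reads them. If the same PHP code has to display the names back to users, it would need the private key on the server and the scheme collapses to the symmetric case already discussed.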