I'm using Angular, Java, and MySQL to build a secure web application.
I want to save encrypted text to the database and decrypt it in Java. This means that anyone accessing the database (e.g. database administrator/developer) will not see sensitive information, except for the owner of the text by using the web application.
I am aware of one way hashing methods which can be used for passwords but it cannot be decrypted back to its original form.
Asked
Active
Viewed 3,398 times
1
ToDo
- 754
- 2
- 17
- 31
-
you could use database encryption – Mário Fernandes Sep 08 '17 at 12:52
-
@MárioFernandes but to use the databases encryption with MySQL do you need the Enterprise edition? Right? – Teo Sep 08 '17 at 13:10
-
MariaDB does not need it if I'm not mistaken. Base MySQL I'm not sure, google a little :) – Mário Fernandes Sep 08 '17 at 13:13
1 Answers
2
The hash function doesn't permit the decryption.. Indeed it return a digest.. And the force of the hash is that it should be impossible obtain from the digest the original data.
If you want encrypt and decrypt you could an algorithm that do it, like AES and implement it.
I search just few seconds, here an example: https://www.quickprogrammingtips.com/java/how-to-encrypt-and-decrypt-data-in-java-using-aes-algorithm.html
Otherwise here another example: https://howtodoinjava.com/security/java-aes-encryption-example/
Then after you obtain your encrypted data you can save them using your method to access to the database
Teo
- 3,143
- 2
- 29
- 59
-
The examples are very nice but I have one important question. Lets say that each user has their own secret key used to encrypt/decrypt. Where should the individual users secret key be stored? If I store it in the database, what would stop a developer from retrieving the users secret key and encryped text and decrypt it. – ToDo Sep 08 '17 at 13:18
-
You can decide to save them where do you want.. You can save the private key inside a file and give it to the user using an usb.. Weel, you should avoid to save the private key on your database because their are private.. so only the owner should have the private key.. Instead you can save the pbulic keys inside the database... – Teo Sep 08 '17 at 13:26
-
Thanks for your reply. Is there any other way around storing the private key other than giving it directly to the user (for ease of usability of the application and in case they lose it)? I believe using a KeyStore is one method – ToDo Sep 08 '17 at 15:23
-
@ToDo of course! you can use a KeyStore.. If I remember correct there its a class inside java to implement a keystote,,, – Teo Sep 08 '17 at 18:57