-2

I started updating my application to be compliant with GDPR. This application is using the latest version of CodeIgniter (I updated it just now as well). I'm trying to encrypt the user's email address using the 'Encryption' library. I set my encryption key and I used $this->encryption->encrypt() to encrypt my email address. Everything is fine until here, but how am I supposed to check if this email address is unique in my database anymore?

EDIT: I didn't change any default settings of the Encryption library.

Thank you!

GasKa
  • 2
    If you are using the same encryption process and key, the resulting encrypted string will always be the same, which means it is unique. You would need to ensure the database has the unique key defined on it. – ajreal May 16 '18 at 06:35
  • Hmm, I've tried executing `$this->encryption->encrypt('test@domain.tld')` in my controller's `__construct()` and after each page refresh there's another encrypted string. Are you sure that's unique? – GasKa May 16 '18 at 06:40
  • Are you going to encrypt all of their data? So address fields as well? Seems a bit overkill to do this as the only benefit I see in terms of GDPR is that if your system gets breached you don't have to say: "hey so and so, your email address was taken from our server" – Alex May 16 '18 at 06:51
  • 1
    @ajreal Actually no, because CodeIgniter prepends a random IV to the cipher-text. See https://www.codeigniter.com/user_guide/libraries/encryption.html#how-it-works. – Mike May 16 '18 at 06:52
  • 1
    @Mike Not only that, but CBC (which is the default mode) produces different ciphertext with different IV – t.m.adam May 16 '18 at 06:55
  • No, the email address will be the only thing encrypted. I don't use real names or physical addresses. @ajreal Oh, I didn't see that part when I read the documentation. And is it possible to stop the library from doing that by rewriting it? Is it OK to remove it? – GasKa May 16 '18 at 06:56

2 Answers

1

Even though I agree with Alex's comment above that encrypting emails is just overkill and provides very little benefit, and, in fact, is NOT required by the GDPR as you seem to imply it is, one way you could encrypt your users' emails (if you really wanted to) and ensure they are unique is to move your UNIQUE index to a sha256 hash of the email instead of on the encrypted email column. Since the same email address encrypted using a different initialization vector will produce a different output, you cannot put your UNIQUE index directly on that column; however, sha256 will always produce exactly the same result. The chance of a collision with sha256 hashes is essentially zero, and in the extremely unlikely event that there is a collision, the user just gets a notice that there is already an account registered with their email. Not really a big deal.

Mike
  • Thank you! I didn't know that even though I read on 10+ sites... Email is the only thing that can be related to the user. – GasKa May 16 '18 at 13:56
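
The approach from the answer above as a standalone script, added here as an example and not code from the original posts: the ciphertext column carries no index and the UNIQUE constraint sits on a hash column. The in-memory SQLite table, the `users`/`email_enc`/`email_hash` names, the `encrypt_email()` stand-in for `$this->encryption->encrypt()` and the lowercase/trim normalisation are assumptions; the optional `$index_key` (HMAC instead of plain sha256) goes beyond what the answer describes.

```php
<?php
// Added example (not from the original answers). Table/column names, keys and
// addresses are constructed; encrypt_email() stands in for
// $this->encryption->encrypt(), which likewise uses a fresh random IV per call.

function encrypt_email(string $email, string $key): string
{
    $iv = random_bytes(12);                       // new IV on every call
    $ct = openssl_encrypt($email, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $iv, $tag);
    return base64_encode($iv . $tag . $ct);
}

// Lookup value for the UNIQUE index: deterministic, so equal addresses collide.
// Normalising first makes "Test@Domain.tld " and "test@domain.tld" one account.
function email_index(string $email, ?string $index_key = null): string
{
    $normalised = strtolower(trim($email));
    return $index_key === null
        ? hash('sha256', $normalised)                    // as in the answer
        : hash_hmac('sha256', $normalised, $index_key);  // keyed variant (assumption)
}

function register(PDO $db, string $email, string $enc_key): bool
{
    $stmt = $db->prepare('INSERT INTO users (email_enc, email_hash) VALUES (?, ?)');
    try {
        $stmt->execute([encrypt_email($email, $enc_key), email_index($email)]);
        return true;
    } catch (PDOException $e) {
        if ((string) $e->getCode() === '23000') {  // integrity constraint violation
            return false;                          // address already registered
        }
        throw $e;
    }
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY,
    email_enc TEXT NOT NULL, email_hash CHAR(64) NOT NULL UNIQUE)');

$enc_key = random_bytes(32);   // constructed key; a real one lives in config
// Same plaintext, two ciphertexts: why the index cannot go on email_enc.
var_dump(encrypt_email('test@domain.tld', $enc_key)
     === encrypt_email('test@domain.tld', $enc_key));
var_dump(register($db, 'test@domain.tld', $enc_key));   // first registration
var_dump(register($db, 'Test@Domain.tld ', $enc_key));  // same address again
var_dump(register($db, 'other@domain.tld', $enc_key));  // different address
```

Anyone who can read the table can test guessed addresses against a plain sha256 column, so the hash column reveals membership even though `email_enc` is encrypted. Passing an `$index_key` that is stored outside the database closes that gap while keeping the index deterministic.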
1

STEP 1: Load an encryption library

```php
$this->load->library('encryption');
```

STEP 2: Create an encryption key for a config file application/config/config.php

```php
$this->encryption->create_key(16);
```

############### OR #############

```php
bin2hex($this->encryption->create_key(16)); // For more user friendly cipher text
```

Add this key inside the config file

```php
$config['encryption_key'] = hex2bin(<your hex-encoded key>);
```

STEP 3: Encrypt plain text to cipher text

```php
$plain_text = 'This is a plain-text message!';
$ciphertext = $this->encryption->encrypt($plain_text);
```

STEP 4: Decrypt cipher text to plain text

```php
// Outputs: This is a plain-text message!
echo $this->encryption->decrypt($ciphertext);
```

Notice: You might need to load a driver if no driver is loaded

```php
$this->encryption->initialize(
  array(
    'driver' => 'openssl',
    'cipher' => 'aes-256',
    'mode' => 'ctr',
    'key' => '123456' // OR any hash if empty then takes from config file
  )
);
```

Reference: https://codeigniter.com/userguide3/libraries/encryption.html

CodingEra