Mysql database encryption

Question

Mysql database encryption

I am trying to create a platform for users who will store sensitive data about their customers. The context is quite simple: French laws forbid me to have access to the data that my users store (for example, medical records of patients).

Therefore, when a user sends data that will be stored in a database, he should be the only one having access to this information. For example, encrypting it with your password. Thus, if I enter mysql, I would only see encrypted stupidity and unreadable data.

My philosophy, which may be wrong, is to learn by doing it. Hope you guys are fine with my approach.

The problem is that I have no idea where to start, how to do it ... and not even what to look for on google. I even tried to find something suitable on codecanyon.net, for example, and could not like any relevant scripts.

Thank you in advance:)!

PS: I will have the same problem with files (jpg, word, pdf, xls ... which should be sufficient for users). But this is another story.

+4

php mysql encryption

Yannickhelmut Oct 7 '15 at 0:13

source share

3 answers

Shadow · Answer 1 · 2015-10-07T01:43:54+0000

, . , , . , , , . , , . . , , , .

, : , . . , . , php ( ) mysql .

, , PKI, (, -), , , . , , , -. , - java .

2 :

, , PKI . .
. , - .

Scott Arciszewski · Answer 2 · 2015-10-07T06:35:19+0000

, , :

.
, .

: API , OpenSSL Libsodium.

/ PHP Libsodium

$store_me = \Sodium\crypto_box_seal(
    $plaintext,
    $recipient_public_key
);

$visible = \Sodium\crypto_box_seal_open(
    $store_me,
    $recipient_keypair
);

/ PHP OpenSSL

/**
 * A human-usable variant of openssl_seal()
 * 
 * @param string $plaintext Your message
 * @param string $publickey_string PEM-encoded RSA public key
 * @param boolean $encode Hex-encode the output?
 * 
 * @return string
 */
function easy_seal($plaintext, $publickey_string, $encode = false)
{
    $pubkey = openssl_get_publickey($publickey_string);
    if ($pubkey === false) {
        throw new Exception('Could not load public key');
    }
    $sealed = '';
    $ekeys = [];
    $result = openssl_seal($plaintext, $sealed, $ekeys, [$pubkey]);
    if ($result === false) {
        throw new Exception('openssl_seal failed!');
    }
    if ($encode) {
        return json_encode([
            bin2hex($sealed), 
            bin2hex($ekeys[0])
        ]);
    }
    return json_encode([$sealed, $ekeys[0]]);
}

/**
 * Inverse operation of easy_seal()
 * 
 * @param string $ciphertext (the output of easy_seal())
 * @param string $privatekey_string PEM-encoded RSA private key
 * @param boolean $encoded Do we need to decode from hex?
 * 
 * @return string
 */
function easy_unseal($ciphertext, $privatekey_string, $encoded = false)
{
    list($sealed, $ekey) = json_decode($ciphertext, true);
    if ($encoded) {
        $sealed = hex2bin($sealed);
        $ekey = hex2bin($ekey);
    }
    $open_data = '';
    $privkey = openssl_get_privatekey($privatekey_string);
    if ($privkey === false) {
        throw new Exception('Could not load public key');
    }

    $result = openssl_open($sealed, $open_data, $ekey, $privkey);
    if ($result === false) {
        throw new Exception('openssl_open failed!');
    }
    return $open_data;
}

$public_key = file_get_contents('/path/to/publickey.pem');
$plaintext = 'Something something dark side';
$store_me = easy_seal($plaintext, $public_key);

// Elsewhere: 
$secret_key = file_get_contents('/path/to/secretkey.pem');
$visible = easy_unseal($store_me, $secret_key);

: https://3v4l.org/BNavp

Abhishek · Answer 3 · 2016-06-08T12:37:27+0000

-, , MySQL Server, SQL-. , ; .

, . , . , :

, , .
, , , .
: , , . , , . . .. , . . , ( ) , , , /.
All you need is
(i) a programming platform to choose from, better than JAVA.
(ii) learn how to use the database with this programming language, MySQL Server is a great choice for working. (iii) And a good encryption algorithm to implement.

I hope I am not angry at this answer :) Greetings.

Mysql database encryption

/ PHP Libsodium

/ PHP OpenSSL

More articles: