Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Best way of encrypting text to store in mysql database

I want to know the best way of storing text in a database and encrypting it so as to prevent others (admin) from reading it. I'm allowing users to write (up-to) paragraphs of plain text and then storing in a database. This text is then displayed back to the user in their account. This means that I will have to be able to decrypt the data once i've encrypt it and stored it in the database. (I have created the project using PHP)

Thanks

like image 280
Kerron Avatar asked Apr 01 '11 13:04

Kerron


People also ask

How do I encrypt a string in MySQL?

The MySQL AES_ENCRYPT function is used for encrypting a string using Advanced Encryption Standard (AES) algorithm. The MySQL AES_ENCRYPT function encodes the data with 128 bits key length but it can be extended up to 256 bits key length. It encrypts a string and returns a binary string.

Can we encrypt data in MySQL?

To enable encryption for the mysql system tablespace, specify the tablespace name and the ENCRYPTION option in an ALTER TABLESPACE statement. mysql> ALTER TABLESPACE mysql ENCRYPTION = 'Y'; To disable encryption for the mysql system tablespace, set ENCRYPTION = 'N' using an ALTER TABLESPACE statement.

What encryption is used in MySQL?

MySQL Enterprise Transparent Data Encryption (TDE) protects your critical data by enabling data-at-rest encryption in the database. It protects the privacy of your information, prevents data breaches and helps meet regulatory requirements including: Payment Card Industry Data Security Standard (PCI DSS)

Should you encrypt data before storing in database?

Encrypting an entire database should be done with caution since it can result in a serious performance impact. It is therefore wise to encrypt only individual fields or tables. Encrypting data-at-rest protects the data from physical theft of hard drives or unauthorized file storage access.


1 Answers

AES_ENCRYPT and AES_DECRYPT are easy ways to encrypt/decrypt strings without writing the code yourself, available in MySql 5 upwards.

Be aware that the output of AES_ENCRYPT is a binary string, which needs to be stored in columns of a binary data type (most likely the appropriate one would be BLOB) instead of text types such as TEXT or VARCHAR that you would normally use for text data.

The problem is that you are going to have to store the encryption key somewhere, and you somehow have to keep the admin from accessing it. I don't know if that will be possible (admin of what exactly?)

like image 69
Jon Avatar answered Sep 28 '22 23:09

Jon