I’m writing a php application that accepts sensitive customer data, and so I need to encrypt it before storing it in a mysql database. I’m going to use mysql’s built-in AES functionality to do column-level encryption.
I want to avoid storing the encryption key on the server, and so i’m going to provide a web-page for an administrator to log-in, and enter the encryption key. I want to store this key in memory while the application is running, but never permanently to disk.
What is the best way to do this?
Can I modify the $_SERVER array to store information between requests? Can I store the key with apache in some way? Maybe shared memory?
Advertisement
Answer
I ended up storing the encryption key in an in-memory table. All access to the database is done through a set of stored procedures; The stored procedures include the ability to do key management (i.e. insert key to memory-table, change keys, check if a key has been entered etc.), as well as store/retrieve application data.
With this design, the database credentials left on the application server only have the authorization to query through the set of defined procedures, and have no way to read the encryption key directly.
I liked this approach because:
- The key isn’t stored on the file system – preventing issues with hardware disposal at end-of-life, and from prying eyes of system administrators
- The application code can’t get access to the key (other than while entering it), so the only place it will ever reside is within the database process.
- All logic for encryption/decryption is embedded within the SQL queries, so don’t need to worry about application code doing it correctly – Nice for maintenance.