-2

I need to build a web server (Windows server) with a tokenization engine for encrypting sensitive data. As per client requirements:

  • The server should be configured with a unique encryption/hash "seed" file that can be backed up
  • The server should use the seed file to tokenize (i.e. mask/hash/encrypt) sensitive data fields
  • The server should pass the tokenized values to the database (MySQL) for the save operation.
  • The server should un-tokenize the data when retrieved from the database for display on the website

My questions are:

  • How do I create the seed file?
  • If data is encrypted using the seed file and then somebody changes/updates the seed file, will we still be able to decrypt the data?
TylerH
user2745580
    Tokenization is not encryption so the title is unclear, the question needs more clarity. Is this to deal with payments? Does the "seed" file only contain one "seed" entry? Is the "seed" really just an encryption key? When you say "encryption/hash" you do understand the difference, that a (cryptographic) hash is a one-way function that is not reversible? When you say "tokenization" does that really just mean encrypted data? – zaph Mar 29 '16 at 11:35

1 Answer

0

One can create a "seed" with a cryptographic PRNG (Pseudo Random Number Generator) or an HRNG (Hardware Random Number Generator). Most computer systems contain a cryptographic PRNG, and HRNGs with a limited entropy rate can be purchased cheaply in USB configurations.

Save the generated seed in a secure (possibly bank) safe on paper and/or a USB drive for restoration.

On the high-security end, use an HSM (Hardware Security Module).

The server needs to be secure, including good two-factor authentication.

This seems to answer the final question statement, but the entire question is unclear. If you are dealing with CC payments you will need to become familiar with PCI (Payment Card Industry).

zaph
  • Thanks. Yes, the seed will contain the encryption key. Hash will not be relevant in my case as it is one-way only. When I say tokenization I meant only encryption and decryption of sensitive data using the seed file. No, this requirement is not for any payment purpose; this is just to store user sensitive data for country regulation purposes. – user2745580 Mar 29 '16 at 12:27
  • You might consider rewording the question, replacing seed/hash/tokenization with secret key. In the case of a simple key, create it with a cryptographic PRNG and just write it down in hex on a piece of paper and put it in a bank safe deposit box. – zaph Mar 29 '16 at 12:34
  • If my understanding is correct, then any data encrypted using a secret key would only decrypt with the same secret key. If the secret key is changed or lost, then already encrypted data would be corrupted. Please let me know if I am wrong here. Also, would you suggest any non-collision encryption algorithm like RIJNDAEL, DES, etc.? – user2745580 Mar 30 '16 at 09:17
  • Yes, the key is necessary. Use AES (Advanced Encryption Standard) encryption, it is a subset of Rijndael with a 128-bit block size and key lengths of 128, 192 and 256 bits. There are aspects of encryption you need to consider: generally use CBC mode with a random IV prepended, PKCS#7 née PKCS#5 padding and possibly encryption authentication and versioning. Do not use mcrypt, it is not being maintained, only supports null padding and written by Bozos. Use either [RNCryptor-php](https://github.com/RNCryptor/RNCryptor) or [defuse/php-encryption](https://github.com/defuse/php-encryption). – zaph Mar 30 '16 at 12:07
  • Thanks for the detailed information. Just one more clarification regarding "creating seed with a cryptographic PRNG...": is a "cryptographic PRNG" a utility available on Windows systems which we can run to generate/use a secret key? Also, what is limited entropy, and why do we need to purchase it, since generating the key will be a one-time affair if I am not wrong and the same key will be used to encrypt/decrypt? I would appreciate it if you could provide details. – user2745580 Mar 30 '16 at 12:40
  • Most systems supply a cryptographic PRNG, it is sufficient for your needs. It generally self-seeds, using activities such as interrupt timings to further achieve randomness. There is no need to purchase an HRNG, that part was in the answer prior to comments clearing up usage. See [Secure random numbers for PHP developers](http://timoh6.github.io/2013/11/05/Secure-random-numbers-for-PHP-developers.html), also defuse supplies `Crypto::createNewRandomKey`. – zaph Mar 30 '16 at 13:06
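
The scheme discussed in the answer and comments above (a key from the system's cryptographic PRNG kept in a backed-up file, AES in CBC mode with a random IV prepended, PKCS#7 padding, authentication and a version byte), as an added PHP example that is not part of the original thread. The function names, token layout, HKDF labels and demo path are assumptions; it needs PHP 7.1.2+ with the openssl extension.

```php
<?php
const TOKEN_VERSION = "\x01"; // format version byte so the scheme can change later

// Write a 256-bit key from the OS CSPRNG as hex; this is the file to back up.
function createSeedFile(string $path): void {
    file_put_contents($path, bin2hex(random_bytes(32)), LOCK_EX);
}

// Derive separate encryption and MAC keys from the seed (HKDF-SHA256).
function loadKeys(string $path): array {
    $hex = @file_get_contents($path);
    $seed = $hex === false ? false : @hex2bin(trim($hex));
    if ($seed === false || strlen($seed) !== 32) {
        throw new RuntimeException('seed file missing or malformed');
    }
    return [hash_hkdf('sha256', $seed, 32, 'enc'), hash_hkdf('sha256', $seed, 32, 'mac')];
}

// Token = base64(version || IV || AES-256-CBC ciphertext || HMAC-SHA256).
// OpenSSL applies PKCS#7 padding by default in CBC mode.
function tokenize(string $plain, array $keys): string {
    [$encKey, $macKey] = $keys;
    $iv = random_bytes(16); // fresh random IV per value, prepended to the ciphertext
    $ct = openssl_encrypt($plain, 'aes-256-cbc', $encKey, OPENSSL_RAW_DATA, $iv);
    $body = TOKEN_VERSION . $iv . $ct;
    return base64_encode($body . hash_hmac('sha256', $body, $macKey, true));
}

function detokenize(string $token, array $keys): string {
    [$encKey, $macKey] = $keys;
    $raw = base64_decode($token, true);
    if ($raw === false || strlen($raw) < 65 || $raw[0] !== TOKEN_VERSION) {
        throw new RuntimeException('malformed token');
    }
    [$body, $mac] = [substr($raw, 0, -32), substr($raw, -32)];
    // Verify the MAC before decrypting; a changed seed fails here.
    if (!hash_equals(hash_hmac('sha256', $body, $macKey, true), $mac)) {
        throw new RuntimeException('wrong key or tampered token');
    }
    $pt = openssl_decrypt(substr($body, 17), 'aes-256-cbc', $encKey, OPENSSL_RAW_DATA, substr($body, 1, 16));
    if ($pt === false) { throw new RuntimeException('decryption failed'); }
    return $pt;
}

$path = sys_get_temp_dir() . '/demo_seed.hex'; // constructed demo path
createSeedFile($path);
$token = tokenize('constructed sample value', loadKeys($path));
echo detokenize($token, loadKeys($path)), PHP_EOL;
createSeedFile($path); // simulate someone replacing the seed file
try { detokenize($token, loadKeys($path)); }
catch (RuntimeException $e) { echo $e->getMessage(), PHP_EOL; }
```

Once the seed file is replaced, every token written under the old seed fails the MAC check, so the backup copy of the original seed is the only way to read those rows again.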