I am building an application that includes PII (e.g. telephone number) encrypted using CakePHP's Security Utility. I've patterned my code after the custom database recommended by @ndm -- so AES-256 encryption is taking place at the application level and then getting passed to a MySQL database. This is working great but I'm not sure how to implement search.
I understand that I cannot do fragment comparison (e.g. LIKE %%), but expect that it is possible to search for an exact match. However, because Security::encrypt returns a different string each time it's used, the following will not work:
    $query = $this->Users->find('all')
        ->where([
            'telephone' => Security::encrypt($search, Security::getSalt())
        ]);
I searched for similar questions and found one in which the accepted answer was to create additional columns containing string hashes for each encrypted column (elsewhere this is called a blind index). I would prefer not to modify my database but can do so if this is the only solution.
Any advice appreciated!
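The blind-index approach mentioned in the question, sketched in plain PHP as an added example that is not part of the original post or of CakePHP. The key variables, the `telephone_bidx` column name, the `normalisePhone()` helper and the in-memory array standing in for the users table are all assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Constructed keys for the demo; real keys belong in a secret store.
// The index key is kept separate from the encryption key.
$encKey   = random_bytes(32);
$indexKey = random_bytes(32);

// Randomised encryption: a fresh IV per call, so equal plaintexts yield
// different ciphertexts. Plain CBC only keeps the demo short.
function encryptValue(string $plain, string $key): string
{
    $iv = random_bytes(16);
    return $iv . openssl_encrypt($plain, 'aes-256-cbc', $key, OPENSSL_RAW_DATA, $iv);
}

// Hypothetical normalisation so differently formatted numbers index identically.
function normalisePhone(string $phone): string
{
    return (string) preg_replace('/[^0-9+]/', '', $phone);
}

// Blind index: keyed, deterministic hash of the normalised plaintext.
function blindIndex(string $phone, string $key): string
{
    return hash_hmac('sha256', normalisePhone($phone), $key);
}

// Stand-in for the users table: ciphertext column plus blind-index column.
$users = [];
foreach (['+1 (555) 010-0199', '+1 555 010 0142'] as $i => $phone) {
    $users[] = [
        'id'             => $i + 1,
        'telephone'      => encryptValue($phone, $encKey),
        'telephone_bidx' => blindIndex($phone, $indexKey),
    ];
}

// Exact-match search compares the index column, never the ciphertext.
function findByPhone(array $rows, string $search, string $indexKey): array
{
    $needle = blindIndex($search, $indexKey);
    return array_values(array_filter($rows, fn ($r) => hash_equals($r['telephone_bidx'], $needle)));
}

// Two encryptions of one number are compared, then the index lookup is run.
var_dump(encryptValue('+15550100199', $encKey) === encryptValue('+15550100199', $encKey));
var_dump(array_column(findByPhone($users, '+15550100199', $indexKey), 'id'));
```

Because the index is deterministic, rows that hold the same number share the same index value, so anyone who can read the column learns which rows are equal. Using HMAC with a dedicated key rather than a bare hash keeps the small space of possible phone numbers from being enumerated offline by someone who has only the database.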