
I want to save sensitive user data to my MySQL database table. Naturally, I want it to be encrypted before it is saved to the table.

In many tutorials I saw on the internet, the tutorial makers write the encryption keys and decryption keys plainly in the source code, which doesn't make sense to me.

If someone can reach the database, it doesn't matter that he/she cannot see the data in cleartext if the source code (which includes the codes and shows how we encrypt or decrypt the data) is hacked as well. He/she can then easily read our data.

My question is: is there any way to hide the encryption key or encryption algorithm and, if yes, how can I do it?

S.Grain
  • Are you sure about this? If you don't know how to encrypt such data, you should **not** store credit card numbers. – Nico Haase Jun 24 '21 at 10:27
  • I am not doing anything right now but I want to learn about how it is made. – S.Grain Jun 24 '21 at 10:39
  • You should rather subscribe to a token service, if your payment processor supports it. If you want to encrypt, you can use an HSM to protect your keys securely – Pras Sep 17 '21 at 09:35

1 Answer

With respect, what you propose to do is a very bad idea. You'll have an extremely hard time passing a Payment Card Industry Audit if you store card numbers in a form where it's possible for your software to decrypt and use them. And if a cybercreep compromises your system you'll get the dreaded call from Brian Krebs (of krebsOnSecurity.com). Use stripe.com or Braintree instead. They have very competent security teams. They give you secure tokens to represent your customers' card numbers.

But that is not what you asked. You want a reversible way to encrypt payment card info.

You could use a private/public key scheme. To do this with best security, you'll generate the key pair on a machine you usually leave switched off and disconnected from the network. You'll copy the public key to your web servers, and use it to encrypt the payment card data. (By the way, merchants are forbidden from storing the 3-digit CVV number in any form.) PHP offers the openssl_public_encrypt function for that.

Then when you need to decrypt the card numbers, you'll temporarily switch on the secure machine and decrypt the card numbers there. You can use openssl_private_decrypt.

I once renovated a payment processing scheme that did this secure-machine thing so it used stripe.com instead. Everything about using the service was easier.

In general, to store sensitive data (other than the tightly regulated payment cards) you

  1. use your DBMS-furnished encryption-at-rest scheme to encrypt your tablespaces.
  2. read and follow the OWASP recommendations for securing your web app.
  3. perform penetration tests on your system. Burpscan is one of several tools you can use to do this yourself.
O. Jones
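The public-key scheme described in the answer above, sketched with the two PHP functions it names; this is an added example, not code from the answer's author. The helper names `encryptField` and `decryptField`, the passphrase and the sample value are constructed for illustration, and the key pair is generated in the same script only so the example runs stand-alone (in the scheme described, generation and decryption happen on the offline machine).

```php
<?php
// Offline machine: generate the key pair once.
$pair = openssl_pkey_new([
    'private_key_type' => OPENSSL_KEYTYPE_RSA,
    'private_key_bits' => 3072,
]);
if ($pair === false) {
    throw new RuntimeException('key generation failed: ' . openssl_error_string());
}
// The private key is exported under a passphrase and never leaves this machine.
if (!openssl_pkey_export($pair, $privatePem, 'constructed-passphrase')) {
    throw new RuntimeException('key export failed: ' . openssl_error_string());
}
// Only this PEM string is copied to the web servers.
$publicPem = openssl_pkey_get_details($pair)['key'];

// Web server: holds the public key only, so it can write but not read back.
function encryptField(string $plaintext, string $publicPem): string
{
    // OAEP padding; RSA encrypts short values only (key size minus padding).
    if (!openssl_public_encrypt($plaintext, $ciphertext, $publicPem,
                                OPENSSL_PKCS1_OAEP_PADDING)) {
        throw new RuntimeException('encrypt failed: ' . openssl_error_string());
    }
    return base64_encode($ciphertext); // text-safe form for a table column
}

// Offline machine: the only place where the private key is ever loaded.
function decryptField(string $stored, string $privatePem, string $passphrase): string
{
    $key = openssl_pkey_get_private($privatePem, $passphrase);
    if ($key === false) {
        throw new RuntimeException('cannot load private key');
    }
    $raw = base64_decode($stored, true);
    if ($raw === false || !openssl_private_decrypt($raw, $plaintext, $key,
                                                   OPENSSL_PKCS1_OAEP_PADDING)) {
        throw new RuntimeException('decrypt failed: ' . openssl_error_string());
    }
    return $plaintext;
}

// Constructed sample value, not real data.
$stored = encryptField('constructed sample value', $publicPem);
echo strlen(base64_decode($stored)), " ciphertext bytes\n";
echo decryptField($stored, $privatePem, 'constructed-passphrase'), "\n";
```

Because the web server never holds the private key, a copy of its source code and database yields only ciphertext.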