Where should I store an encryption key for php?

2019-01-26 15:11发布

问题:

I'm writing a php application that accepts sensitive customer data, and so I need to encrypt it before storing it in a mysql database. I'm going to use mysql's built-in AES functionality to do column-level encryption.

I want to avoid storing the encryption key on the server, and so i'm going to provide a web-page for an administrator to log-in, and enter the encryption key. I want to store this key in memory while the application is running, but never permanently to disk.

What is the best way to do this?

Can I modify the $_SERVER array to store information between requests? Can I store the key with apache in some way? Maybe shared memory?

回答1:

Rather than rely on MySQL AES for encryption, why not use PHP's native openssl encryption scheme (a PECL extension). This requires a private and public key, public to encrypt, private to decrypt, and the keys can be kept in separate places.



回答2:

I ended up storing the encryption key in an in-memory table. All access to the database is done through a set of stored procedures; The stored procedures include the ability to do key management (i.e. insert key to memory-table, change keys, check if a key has been entered etc.), as well as store/retrieve application data.

With this design, the database credentials left on the application server only have the authorization to query through the set of defined procedures, and have no way to read the encryption key directly.

I liked this approach because:

  1. The key isn't stored on the file system - preventing issues with hardware disposal at end-of-life, and from prying eyes of system administrators
  2. The application code can't get access to the key (other than while entering it), so the only place it will ever reside is within the database process.
  3. All logic for encryption/decryption is embedded within the SQL queries, so don't need to worry about application code doing it correctly - Nice for maintenance.


回答3:

One possibility is to create a RAM disk and store the key there.



回答4:

The safest place to store any kind of encryption key is on the server NOT in the database, and make sure it is owned by root and not readable by others.