How to use Asymmetric Encryption (Public/Private Keys) for Storing Data in MySQL

03-31-2007, 03:54 PM
I've been searching for days and I'm unable to get a good handle on this problem. I've found a treasure trove of "theoretical" articles on the subject - it seems possible - but almost no implementation examples. Any advice and practical examples would be much appreciated.

Here's what I'm trying to do... I'm collecting data from users and want to store it encrypted within MySQL. I want to use Asymmetric Encryption so that the script uses a public key to encrypt, and a "secret" private key is used to decrypt. Obviously, the private key is NEVER stored on the server in any way. The decrypt script/function would only be accessible to the admin, and the private key must be entered manually by the admin via an SSL connection whenever they want to view any data in the database.

03-31-2007, 04:00 PM
I did research on this a while ago. It looked really good:


You can also just search for Stone php safecrypt, and it will return some results for you.

03-31-2007, 04:31 PM
Someone correct me if I am wrong, but the Mcrypt functions (used by the code at the link iLLin gave) are symmetric (using the same key to encrypt and decrypt).

To use asymmetric public/private encryption/decryption, you would need to use the openssl functions (openssl_seal() and openssl_open()) with a self-generated and self-signed public/private certificate pair. I did this a while ago to send sensitive information within the body of an email, but it would apply to encoding information going into a database and decoding it later.

If the information in question in this case is credit card numbers, your merchant account agreement will specify under what conditions and with what encryption methods you are allowed to store these to remain within the terms of that agreement.
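
The openssl_seal() / openssl_open() approach described in the post above, as an added example that is not part of the original thread. It uses a bare RSA key pair rather than a certificate; the function names, the three-field row layout, the passphrase and the sample record are assumptions made for illustration.

```php
<?php
// Added example. Function names, row layout and sample values are constructed.

// Runs on the web server: needs only the PUBLIC key.
function seal_for_storage(string $plaintext, string $publicKeyPem): array
{
    $pub = openssl_pkey_get_public($publicKeyPem);
    if ($pub === false) {
        throw new RuntimeException('invalid public key');
    }
    $sealed = ''; $envKeys = []; $iv = '';
    // A random AES key encrypts the data; RSA encrypts that key for the recipient.
    if (openssl_seal($plaintext, $sealed, $envKeys, [$pub], 'aes-256-cbc', $iv) === false) {
        throw new RuntimeException('openssl_seal failed: ' . openssl_error_string());
    }
    // All three values are needed to decrypt; store them in the same row.
    return [
        'sealed'  => base64_encode($sealed),
        'env_key' => base64_encode($envKeys[0]),
        'iv'      => base64_encode($iv),
    ];
}

// Runs only in the admin script: private key PEM is supplied per request.
function open_from_storage(array $row, string $privateKeyPem, string $passphrase): string
{
    $priv = openssl_pkey_get_private($privateKeyPem, $passphrase);
    if ($priv === false) {
        throw new RuntimeException('wrong passphrase or invalid private key');
    }
    $plain = '';
    $ok = openssl_open(base64_decode($row['sealed']), $plain,
        base64_decode($row['env_key']), $priv, 'aes-256-cbc', base64_decode($row['iv']));
    if (!$ok) {
        throw new RuntimeException('openssl_open failed: ' . openssl_error_string());
    }
    return $plain;
}

// Demo only: in a deployment the pair is generated off the server and
// only the public PEM is copied to it.
$pair = openssl_pkey_new(['private_key_type' => OPENSSL_KEYTYPE_RSA, 'private_key_bits' => 2048]);
openssl_pkey_export($pair, $privatePem, 'constructed-passphrase');
$publicPem = openssl_pkey_get_details($pair)['key'];

$row = seal_for_storage('constructed sample record', $publicPem);
echo open_from_storage($row, $privatePem, 'constructed-passphrase'), "\n";
```

CBC mode here provides confidentiality only, so a modified row is not detected on decryption.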

03-31-2007, 05:24 PM
I thought there was a way to do both? Been a while since I looked at it and I could have read that somewhere else when I was doing a lot of research on this. But I'm almost positive you can set both.