2

I find myself in a situation where I have a set of users on a site who all have stored usernames and passwords that allow them to automatically access third party services via SOAP. The idea is that each user should only need to log in to the main site to gain access to multiple services, using their respective stored user info for each service. I feel like such data should be encrypted in my database when stored and then automatically decrypted when it's passed to the php/SOAP function when the user needs to access a given service. What would be the best way to accomplish this?

I've had a look at AES_ENCRYPT, but it seems as though the encryption and decryption makes use of a key that would have to be stored in my code, in plain text...which doesn't seem like the brightest thing to do. Anyway, this is my first time out on something like this (if you couldn't tell); if you could give me some pointers on how I should approach this, I'd really appreciate it.

Many thanks in advance

neanderslob
  • 2,633
  • 6
  • 40
  • 82
  • Try base64_encode() and base64_decode() – BKM Oct 30 '13 at 06:06
  • 1
    @BKM Many thanks for your response, but isn't base64 just a way of encoding binary data as printable text? As I understand it, it's not encryption. [As explained here?](http://stackoverflow.com/a/4070709/2540204) Let me know if I'm missing something. – neanderslob Oct 30 '13 at 06:11
  • Actually base64_encode is not a way of encrypting data. Its better to use AES_ENCRYPT than base64 encode. But as you don't want to use AES_ENCRYPT I just gave you an option to encode data with out having a key to decrypt it. – BKM Oct 30 '13 at 06:14
  • @BKM I don't really have anything against AES_ENCRYPT itself; it just seems like (from my limited understanding of it) that I would have to store the key in an unsecured way in order to automatically access the encrypted data. Is there a way around this conundrum with AES_ENCRYPT or a similar method? – neanderslob Oct 30 '13 at 06:21
  • Check this out http://stackoverflow.com/questions/9971532/how-to-use-aes-encrypt-properly – BKM Oct 30 '13 at 06:24
  • Yes that's why I gave that link to you. Try the method mentioned there. I think that will be a good option for you. – BKM Oct 30 '13 at 06:33
  • @BKM Thanks for the link. Indeed the fellow was asking exactly the same question as I am but the answers that he receives seem to all consistently recommend a 1-way hash, which cannot be decrypted. This is different from my purposes, as the reason I'm storing these passwords is for the explicit purpose of recovering them to log into another system automatically at certain times. I therefore don't know how a hash would help me do what I'm attempting. Thanks for the suggestion though and let me know if I'm not understanding something. – neanderslob Oct 30 '13 at 06:37

1 Answers1

3

You stumbled over the biggest problem with encrypting data in the database:

➽ Where to store the key?

Encryption cannot solve the problem of securing data, it can only "concentrate" it to a key. Wherever you store the key, your application must be able to decrypt the data, so can do an attacker. There are two possible solutions to this problem i know of:

  1. Place the key in a place as secure as you can. That means, it should surely be placed outside of the www-root directory in an inaccessible directory on the server. Depending on the importance of the data, you can also consider to outsource encryption to another dedicated server.
  2. Don't store a key at all and derive it from the user password. This is the only really safe way, because not even the server can decrypt the data then. The cons are of course, that the user needs to enter the password every time he uses your service. If the user changes the password, you need to re-encrypt all data. If the user forgets the password, the data is lost.

P.S. I would recommend to encrypt the data before storing it to the database, because MySQL AES_ENCRYPT uses the ECB mode without an IV. This allows to search for a certain value, but is less secure (i'm pretty sure that you don't want to search by password).

martinstoeckli
  • 23,430
  • 6
  • 56
  • 87
  • Now THAT makes sense! Thanks for your answer; it seemed like everything I read online was dancing around this fundamental point (probably because it's understood by most and therefore isn't worth reiterating). Also good to know on your AES_ENCRYPT point. Is there a tutorial out there that you would recommend to get me started on a good encryption practice for PHP? Clearly I'm planning on Googling one up for myself but I was just wondering if there was anything that you might recommend. Thanks again for the help. – neanderslob Oct 30 '13 at 20:51
  • 1
    @neanderslob - There is a library [Zend/Crypt](http://framework.zend.com/manual/2.0/en/modules/zend.crypt.block-cipher.html) which is often recommended, though i never used it myself, because it probably requires the Zend framework. To do it yourself, choose a mode that uses an IV (like CBC, but not ECB). The IV can be combined with the resulting cyphertext. Then use a binary string of the required length as key (often 32 bytes), not a short password. A simple example you can find on my [homepage](http://www.martinstoeckli.ch/php/php.html#bcrypt) search for `encryptTwofish()`. – martinstoeckli Oct 31 '13 at 08:13