I run a DV 3.5 server on MediaTemple with Linux CentOS 5, PHP and a MySQL DB, and am trying to encrypt phone records with AES.
I came across what seems to be a good script, PHPAES,
but I am not sure of the following:
- Where do I actually store the AES encryption key used to encrypt and decrypt the phone number?
- How do I call on the AES encryption key when a user submits their data via form and stores into our MySQL database?
- When I want to decrypt that information for our internal customer service agents – how do they in turn call on the AES key?
I realize this is probably very simple but please don’t insult. I am trying to learn best practice for how to move forward with any type of encryption whatsoever. Something (to this point) we have not had need for.
I actually ended up going this route:
I encrypt the initial data with a salted hash which is stored in the database itself (and is unique to every record stored). I then take that 256-bit AES encrypted string and run it through RSA encryption with my public key, which sits server side.
In order to decrypt, I have to upload a temporary file with my private key and retrieve the necessary data.
Quite secure in my opinion.
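An added example, not the poster's code, of the pattern the last post describes: AES for the data, an RSA public key on the server, and the private key kept elsewhere. It assumes PHP 7.1+ with the OpenSSL extension and differs from the post in that RSA wraps a random per-record AES key rather than the AES output; the function names and array keys are hypothetical.

```php
<?php
// Added example: envelope encryption with PHP's OpenSSL extension.
// The web server holds only the RSA public key; the private key stays off the server.

function encrypt_phone(string $phone, string $publicKeyPem): array
{
    $dataKey = random_bytes(32);   // fresh AES-256 key for this record
    $iv      = random_bytes(12);   // 96-bit nonce for GCM
    $tag     = '';
    $ct = openssl_encrypt($phone, 'aes-256-gcm', $dataKey, OPENSSL_RAW_DATA, $iv, $tag);
    if ($ct === false) {
        throw new RuntimeException('AES encryption failed');
    }
    // Wrap the data key with RSA-OAEP; only the private key holder can unwrap it.
    if (!openssl_public_encrypt($dataKey, $wrapped, $publicKeyPem, OPENSSL_PKCS1_OAEP_PADDING)) {
        throw new RuntimeException('RSA key wrap failed');
    }
    // These four values are what a database row would hold (keys are hypothetical).
    return [
        'wrapped_key' => base64_encode($wrapped),
        'iv'          => base64_encode($iv),
        'tag'         => base64_encode($tag),
        'ciphertext'  => base64_encode($ct),
    ];
}

function decrypt_phone(array $row, string $privateKeyPem): string
{
    $wrapped = base64_decode($row['wrapped_key']);
    if (!openssl_private_decrypt($wrapped, $dataKey, $privateKeyPem, OPENSSL_PKCS1_OAEP_PADDING)) {
        throw new RuntimeException('RSA key unwrap failed');
    }
    $pt = openssl_decrypt(base64_decode($row['ciphertext']), 'aes-256-gcm', $dataKey,
        OPENSSL_RAW_DATA, base64_decode($row['iv']), base64_decode($row['tag']));
    if ($pt === false) {   // GCM tag mismatch: the stored row was altered
        throw new RuntimeException('Authentication failed: ciphertext or tag was modified');
    }
    return $pt;
}

// Constructed demo: a throwaway key pair generated in memory stands in for the real one.
$pair = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
openssl_pkey_export($pair, $privateKeyPem);
$publicKeyPem = openssl_pkey_get_details($pair)['key'];

$row = encrypt_phone('+1-555-0100', $publicKeyPem);   // constructed sample number
echo decrypt_phone($row, $privateKeyPem), PHP_EOL;
```

Because the form handler only ever calls `encrypt_phone()` with the public key, a compromise of the web server or database alone does not expose stored numbers; decryption needs the private key supplied at the time of use.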