I’m developing an add on to a system I have that will allow my clients websites to pull data from it to display on their sites.
Now, most of the time the information being stored in the system is not in any way sensitive (because its just published to their website) but some users have set up tables that they want to manage in the system out of convenience, but not publish on their website – though they might want to make a request on it (ie, to check a customer has a login to their website perhaps, or to grab an email address). So I need to encrypt the responses to reduce the chances of someone getting the data that shouldn’t have it.
My plan is that the user will identify themselves with a user ID, a public key, and the name of a query they want to run (which they will have defined in the system itself beforehand) – and the request will take a form something like this:
require("backend-api.php");
$myUserID = "bobs-restaurant.com";
$myPublicKey = "sdg136MAGHYasfadgHGQ"; //send this with the request
$myPrivateKey = "adgljavd8i1356avdilj"; //never send this anywhere
$queryName = "LIST_OF_DISHES";
$backend = new backend-api();
$response = $backend->getData($myUserID,$myPublicKey,$queryName);
$list_of_dishes = $backend->decrypt($response,$myPrivateKey);
//user then goes on to use the data in their code or maybe just display it as-is.
It has to be simple, because the users are either not going to be seasoned PHP’ers or they’re going to be time poor, and using the system to instead of having to write their own content management solution.
Assuming the above user ID and public key were a match, and the query existed and returned data – I was going to have my system encrypt the response to a private key which is known to the user ($myPrivateKey) and which is known to my system, but never exchanged between the two in a request so that it couldn’t be intercepted, and I was going to use something like this reversible encryption class to do the encryption.
The problem is, I’m going to have to provide users with the decryption class so that they can get the data out of the response.
So if Mr Malicious somehow obtains a user ID and public key belonging to someone else, and he has downloaded a copy of the decryption class from the tutorial/user manual on my systems website, am I right in saying that he wouldn’t need to know the private key, because he could just work out how to decrypt it from studying the code?
If the answer is yes, what is it that I haven’t thought of that will prevent that from happening?
Mr Malicious wouldn’t know how to decrypt anything from simply studying the code. The best he could do would be to brute force the “private key”.
I put that in quotes because this actually isn’t public key encryption or cryptography. This would only be public key cryptography if your server encrypted the data using the client’s public key, then the client decrypted that using their private key. If that were the case, the server would have no need to know the private key at all. But it sounds like you’re using the public key for something entirely different.
What you seem to be talking about here is symmetric key cryptography (using the same key to encrypt and decrypt the data).
If you use a strong encryption / decryption method, your method seems fine, but I would go with an existing algorithm such as Blowfish or AES.