Encrypt and store sensitive properties


I'm making a portal website for my own company. It stores some sensitive user data and I want to store it encrypted. But before actually implementing anything like this, I want to be certain, obtain a full understanding and conceptualize it.

I was personally thinking of storing it at database level using MySQL's AES_ENCRYPT() after encrypting it in my backend.

What I have in mind is the following:

  1. User registers
  2. Upon registering a random salt is generated
  3. The salt gets encrypted using HMAC SHA256 and stored in the database using AES_ENCRYPT()
  4. When my backend has to store a user's sensitive data, it derives a 256-bit private key by using the user's encrypted password (PBKDF2) and encrypts it using the earlier generated salt.
  5. The encrypted data is encrypted yet again at database level using AES_ENCRYPT()

I don't want to store the actual private key whatsoever, therefore I'm thinking of this approach. It might also be worth noting that the user base isn't large, so the process being resource intensive isn't a dealbreaker. Would this be considered good practice? If not, what is there to change or improve?


There are 0 answers
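An added example, not part of the original question: a common variant of the flow asked about, in which the per-user salt is stored as is (a salt does not need to be secret) and fed to PBKDF2 together with the password supplied at login, and the derived 256-bit key encrypts each field with AES-256-GCM, so the key itself is never stored. It assumes a Node.js backend; the function names, the iteration count, the `nonce || tag || ciphertext` layout and the use of the user id as associated data are choices made for this sketch, and the MySQL storage step is left out.

```javascript
const crypto = require('crypto');

const PBKDF2_ITERATIONS = 600000; // assumed work factor; tune for your hardware
const KEY_LEN = 32;               // 256-bit AES key

// Run once at registration: the salt is random, per user, and not secret.
function newUserSalt() {
  return crypto.randomBytes(16);
}

// Derive the data key from the password the user types at login.
function deriveKey(password, salt) {
  return crypto.pbkdf2Sync(password, salt, PBKDF2_ITERATIONS, KEY_LEN, 'sha256');
}

// Encrypt one field; returns nonce || tag || ciphertext for a single BLOB column.
function encryptField(key, plaintext, userId) {
  const nonce = crypto.randomBytes(12); // fresh for every encryption
  const cipher = crypto.createCipheriv('aes-256-gcm', key, nonce);
  cipher.setAAD(Buffer.from(String(userId))); // binds the record to its owner
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return Buffer.concat([nonce, cipher.getAuthTag(), ct]);
}

// Decrypt; throws if the key, the owner id or any stored byte is wrong.
function decryptField(key, blob, userId) {
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  decipher.setAAD(Buffer.from(String(userId)));
  decipher.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([decipher.update(blob.subarray(28)), decipher.final()]).toString('utf8');
}

// Constructed sample data, for illustration only.
function demo() {
  const salt = newUserSalt();
  const key = deriveKey('correct horse battery staple', salt);
  const stored = encryptField(key, 'IBAN NL00 TEST 0000 0000 00', 42);
  const roundTrip = decryptField(key, stored, 42);
  let wrongPasswordRejected = false;
  try {
    decryptField(deriveKey('wrong password', salt), stored, 42);
  } catch (e) {
    wrongPasswordRejected = true; // GCM tag check fails under the wrong key
  }
  return { roundTrip, wrongPasswordRejected, storedBytes: stored.length };
}

console.log(demo());
```

With this layout a password change means re-encrypting every field under the new key, and a forgotten password leaves the data unrecoverable.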