Hello guys I have a security question regarding encrypting/decrypting personal sensitive information: Identity(Name, Address, Phone number), Bank details(Sort code and account number) almost anything is encrypted and it is accessible only by the person himself and by the authorized person to use personal data. And now the main questions are:
1. Is my method secure enough?
2. Is there any better way of doing so?
3. Where shall I use the keys from database or from $_SESSION?(Where is the best plase to use them for decryption for the user to review hes details)
Here is the code:
$iv = mcrypt_create_iv(32, MCRYPT_RAND);
$key = mcrypt_create_iv(32, MCRYPT_RAND);
$encrypted = mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $key, $unencrypted, MCRYPT_MODE_CBC, $iv);
That is for encrypting the data before I send it to the DB
$decrypted = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, $encrypted, MCRYPT_MODE_CBC, $iv );
And this is the decrypting method.(Using the $encrypted, $key and $iv from the above sample).
There is no security advantage in encrypting any sensitive information and storing keys in the database. It's the same as locking safe and leaving keys in the keyhole. At least you need to store keys on the file system, not in the database. In this case if your database is leaked (for example because of SQL injection attack), attacker will not ba able to decrypt it because they don't have keys.
Edit There is no way to secure file that contain the key, because PHP need to read it in order to make required operations. However you can use HSM (Hardware Security Module) device to store keys there. Look at YubiHSM for example.