What's the best method to use / store encryption keys in MySQL

Question

I plan on using MySQL and it\'s built-in encryption functionality to encrypt / decrypt certain columns in certain tables. The concern I have is that I need to store the key

Answer 1

I'm not sure if using MySQL build in encryption would be the best solution to your problem.

PHP's M_CRYPT package is thought to be quite good and it gives you the flexibility to choose the algorithm that is best suited for your needs.

Storing your key on some other server has one big advantage: the key is not on the same machine as the encrypted data^*). So as long as the attacker does not have enough control over the compromised machine, they cannot get to the key.
If the attacker gains full control of the machine the data is stored on, they most likely will be able to query the web-service for the key.

However, transmitting the key from one machine to another opens up an entire new area that needs to be secured. Probably involving more key's and more encryption layers, thereby increasing the chance of mistakes being made.

^*) The other option is to enter the password upon webserver start up and only keep it in memory.

Possible solution
If seen a solution employed that used the following method for encrypting files for users with web access (I'm not sure of your environment, but it might be helpful):

• Upon user creation, a long random key is assigned to the new user.
• This random key is stored in an encrypted column in the user record.
  (only this column is encrypted as to not affect the performance of the rest of the record!)
• The encryption of the random-key column is done with 1 master password, stored in a file or in memory.
  (The better option is to enter the password upon staring your webserver and only store it in memory.)
  (Another approach would be to let the user enter a password and use that to encrypt/decrypt the random-key column, but I'm not sure if that would increase or decrease security)
• Every document that needs to be encrypted is encrypted with the random-key for that user and then stored on disk.
• Documents are stored with minimal permissions in the file-system.

The advantages of this approach are:
1. The random-key is encrypted in the database. So you still have the added security of the database-server, in combination with the encrypted column. 2. Documents are stored with different keys, if the attacker gets hold of a key, only part of the documents is compromised.

However:
If the attacker gets hold of the master password and has read access to the user-table, the entire system is, once more, broken.