Secure Encryption ... best practice

I am just working on a project that will store personal information.

Passwords are already hashed, but I would like to encrypt the personal information as well in order to boost confidence.

I have never done this before. I read up on a few articles but I was wondering what people suggest here, their experiences and best practices.

Thanks

 

Here is my opinion on this:
If the data is not as sensitive as a Password/Credit card info, or if you are not designing an App that has to do with money or National security, there's no need to encrypt personal information. Personal Information is public enough.

But if you have to encrypt the info so that a rouge sysadmin for example cannot view the data, I think the encryption/decryption should be done on the client side. Doing it on the server means at one point or the order, the server gets the plain text right? You can't guarantee the plain text isn't dumped in some log file or that the rouge sys admin can't write a script to dump it in the log file. So I think client side encryption is the way to go (Personal info only). With this your users will be really confident that only them truly has access to their data

 

What all kind of info do you want to encrypt?

If you want to encrypt CC info, emails and phone numbers, then you can simply use a normal 2 way encryption method (using a good long key), and then save the encrypted string.
Then all you need to do is to protect the key used.
This is a step to secure info in case the database itself is stolen.

Bigger question is, what are all the places where you will be displaying the non-encrypted decrypted string or private info of members.
All those places need to be equally secure.
Member area, admin section, customer care section, any API, etc.
These are the places which get attacked first if someone wants to steal private info of members.

 

Thanks for the infos and thoughts,

Just for info. Personal data that will need encrypting are details like insurance policy numbers, driving licence and passport numbers ( not quite sure on the passport number yet ), addresses, account numbers for utility providers, warranty details etc.

So while not highly sensitive data, they all could be used to perform identity fraud. And so, just to win the trust of the end user, it would be nice to be able to say that all data is encrypted.


Client side encryption I don't think is not the right route. Firstly all data is sent across the internet, but over https and thus it is already encrypted. Secondly, I wouldn't be able to control what extensions/plugins they have installed on their machines, and so they would just need one rogue one installed and all the data could be harvested too. Thirdly, if the end user encounters any problems with the encryption it would be tricky to replicate and debug it in the office.

Yes all the areas where the data is visible will have to be secure. We will have 3 systems Admin Panel for office use, the end users dashboard and an api. Plan is to have ongoing code reviews and possibly make use of third party code reviews.

Question about the key based encryption: Would you suggest to only have 1 key and encrypt all data with that one key or would you create a unique key for each end user? Would that be overkill?

 

@stephan2307
Separate key for each user sounds good, however then you will need to secure a large folder, instead of one php file.
You cannot store the keys in a database, that defeats the whole purpose.
So you will need to put them in a folder somewhere, possibly outside your public_html area, one directory above.
Anyone browsing your directories with ftp will be able to see all the keys, even download them.
With 1 key, in a php file, you can use encoders like zend or ioncube etc, to encode that 1 file itself, so even if this file gets stolen, still is of no use for hacker.
You can use 10 keys instead of just 1.

When your database generates a unique auto_increment number for each registered user, then check the basic multiple of this number.
Use the key assigned for that number as key for this user.

 

Great, thanks

 

Was looking into encryption and came across this article / code.
https://xn--1ca.se/2-way-encryption-in-php/

Does this seem a good way for encryption or is it already outdated?