将敏感数据安全地存储在数据库中 [英] Storing sensitive data securely in a database

问题描述

我目前正在建立疗养院网站. 我已经设计了一种在数据库中存储私有数据的方案，但是我希望您对此有意见.

基本上，我有一个表patient，其中存储有关患者的 public (=非敏感)信息.其他一些信息(例如名称，地址)是私有信息，需要安全存储.我使用由PHP OpenSSL生成并由网站管理员发送的公钥/私钥对.仅允许访问私人数据的人员(基本上是医疗保健提供者)知道该密码短语. 我想将它们存储在另一个表中. 第一个问题，BLOB是用于存储二进制数据的最佳列类型(对于MySQL).还是应该将它们转换(例如，使用base64)并将其存储在VARCHAR列中?

我的patient_secure_data表如下所示:

id          INT AUTO_INCREMENT
patient_id  INT (FOREIGN KEY to patient.id)
key         VARCHAR(63)
data        BLOB
env         BLOB

这是一个键值表，其中的值由 openssl_seal 密封.我需要存储第三个参数($env_keys)才能解密数据.所以第二个问题，如果我在调用解决方案

1-BLOB是我的偏爱，因为将其编码为base64会增加空间和处理时间(因为解密之前还必须解码base64)

2-openssl_seal没有提供用于加密数据的密钥. env_keys的目的是存储所生成密钥的加密形式.调用openssl_open时，将为其提供此信封密钥以及解密该信封密钥所需的私钥.私钥需要与用于生成信封密钥的公钥匹配.

3-如果您的私钥需要密码，那么从技术上来讲，您的数据相对来说是安全的.即使他们具有信封密钥和私钥，也将无法使用它……但是您的密码短语的安全性如何?要意识到的一件事是，您可以几乎从不保证完全安全的方案，但是您绝对可以使黑客难以承受.在这里发挥您的想象力.顺便说一句，您的密码短语是纯文本形式吗?

I am currently building a website for a nursing home. I have already designed a scheme to store private data in my database, but I would like your opinion about it.

Basically, I have a table patient which stores public (= non-sensitive) information about patients. Some other information (like name, address) are private one and need to be securely stored. I use a public/private key pair, generated by PHP OpenSSL and sent by the website manager. The passphrase is only known by people allowed to access private data (basically, healthcare providers). I would like to store them in an other table. First question, is BLOB the best column type (with MySQL) to store binary data. Or should I convert them (with base64 for example) and store them in a VARCHAR column?

My patient_secure_data table looks like this:

id          INT AUTO_INCREMENT
patient_id  INT (FOREIGN KEY to patient.id)
key         VARCHAR(63)
data        BLOB
env         BLOB

It is a key-value table, where value are sealed by openssl_seal. I need to store the third parameter ($env_keys) to be able to decrypt data. So second question, why do I need this env_keys if I have the passphrase of the private key when I call openssl_open?

Third (and last) question, is it a safe database schema? I mean, can I guarantee that nobody without passphrase can see private data?

Note: I will also use the same key pair to encrypt files stored on disk. But database or files, I can't see any differences regarding security.

Regards,

Guillaume.

_{Sorry if my language is not perfect, I am not a native english speaker... I hope I made myself clear.}

解决方案

1 - BLOB is my preference because encoding it to base64 will increase both space and processing time (since you will have to also decode base64 before you decrypt)

2 - openssl_seal does not give you the key that was used to encrypt the data. The purpose of env_keys is to store the encrypted form of the generated key. When you call openssl_open, you give it this envelope key and the private key that it needs to decrypt the envelope key. The private key needs to be matched with the public key that was used to generate the envelope key.

3- If your private key requires a passphrase, then technically your data is relatively safe. Even if they have the envelope key and the private key, they won't be able to use it ... but how secure is your passphrase? One thing to realize is that you can almost never guarantee a fully secure scheme, but you can definitely make it tough on hackers. Use your imagination here. Btw, is your passphrase in plaintext in your code?

这篇关于将敏感数据安全地存储在数据库中的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！