Save generateRandomKey and encryptByKey in db

sn4k3 · June 19, 2015, 1:49am

Hello,

I need a safe way to save private keys in db, so while i search for a solution i come up with this test:


$key = Yii::$app->security->generateRandomKey();

$encdata = Yii::$app->security->encryptByKey($string, $key);


Key: ñgÅ‡+CeETŸG–È¸Šžû@Ê(mô©a ™”{º%

Encrypted data: Þ]°‹Þ¸d$ÀÁ¢	X]¥ee1c5e6594e9fcddb2295f2e8c90f45a25a48873c9f017d004e43101bd033eac¾’ˆƒÐà b`när\úŸÉ©³-pìÕ<lˆÎ2àÜøÆ9õ_æ?WMR{að¯ú+ŽXJÿEÅæ‹ª¢ÙÌŽ™¿t‘pûÐjð‡OÅ»Àhab6eâ2‡QŸë

My question is if Yii2 will mantain the en/decrypt function over the time and if will always return the original string? It can’t change or something bad can happen with a transaction.

Also i use the utf8_unicode_ci charset in my db, is this encrypted data compatible with my charset or do i need to upgrade for a better charset? if so what should i use?

Thanks

Calcio · June 19, 2015, 12:30pm

@sn4k3, The security method only encrypt the string and only work if you call it. (I don’t know that you want to know it)

I think, the security method use only normal characters like number, string and characters like *, &,%, $ etc.

I hope that I help you.

phtamas · June 19, 2015, 1:49pm

Even if it will, data often outlives applications and you might want to rewrite your app in a few years with Yii3, Symfony4, RoR6 or whatever. I’d look for an encryption mechanism at database level for long-term encrypted storage of business critical data.

sn4k3 · June 19, 2015, 3:17pm

Well my question is more about if db support this chars with my charset utf8

“You think”… Didn’t you see my first post?? is this string: " Þ]°‹Þ¸d$ÀÁ¢ X]¥…øÆ9õ_æ?WMR{að¯ú+ŽXJÿEÅæ" normal characters to you? When i paste it with notepad++ UTF8 file many chars are not recognized.

So what do you recommend? I need a strong and secure solution.

Is MySQL AES_ENCRYPT() a good bet?

Thanks