I want to encrypt the firstName and the lastName of every person that creates an account and store the encrypted file into the database.
and then decrypt them back only when a secure request comes to the @RestController
I use Cipher class which comes from javax.crypto.Cipher
and I store the key I use for encrypting in a KeyStore.getInstance("JCEKS")
my question is, should I create a new SecretKey for every item that I want to encrypt or create one key and do all the work with that?
in other words, should userOne's informations get encrypted/decrypted with secretKeyEntryOne, userTwo - secretKeyEntryTwo, userThree - secretKeyEntryThree and so on OR all the informations of all users should be encrypted/decrypted with globalSecretKey ?
if you don't understand what I mean by this question, Please, just let me know and I'll edit my question.
Thanks in advance.
TL;DR: Have many ciphers(SecretKey). It provides better safety.
From a security standpoint, it would be best to have a SecretKey for each user as it will reduce the chances of having all your user's information leaked in the case of a data breach where your globalSecretKey gets leaked. Having many SecretKey does a better job at protecting this information as the worst case scenario is that only one client's information get breached.
Should you not wish to have a million different combinations, you can have a list (around 500; more === better) with ciphers that get selected at random. This reduces the chance of all user's data getting breached. Although if you have the space to store each user as a special key, I suggest that you do that instead.