
GnuPG with MySQL


I'm trying to save data very securely for a client, and will be using GnuPG. The web server is running Apache/PHP and will encrypt the data with a private key, build the SQL statement after validating, etc., and send it to the database server.

The database server is only available on the internal network, and will be connected to by only the web server. A public key matching the PK on the webserver will be on the database server. So far, so good.

Now, the issue. I'd rather not run Apache/PHP on the database server, but I see no other way to retrieve the data. I find no documentation of a PG/GnuPG implementation with MySQL, but I may be overlooking something. If I do a simple select statement to retrieve the data, it will be encrypted and the public key will have to reside on the web server, which of course makes the use of GnuPG useless.

Any ideas or experience that someone can share would be helpful.

Thank you! Brian


Solution

  • I am a bit confused here... I haven't heard of using GnuPG for storing data in a database.

    Are you looking to develop something that sits on top of mysql on the DB server, and decrypts/encrypts data coming into or out of the database?

    I use GnuPG to send encrypted emails, and it is extremely useful for that. I don't keep a private key on the web server at all, because I never decrypt there. Only a public key, which is all you need for encrypting.

    GnuPG doesn't seem like the right tool for what you are doing. Basically you would have to keep the private and public key on the Web Server, encrypt all data going into the DB with the public key, and decrypt all the data coming out with a private key. This is no more secure than any other encryption method, because you are storing the private key on the web server.

    Is security on the database server the problem here? I would think any simple passphrase encryption algorithm would be a lot more efficient than GnuPG, and just as secure, because you still have to store the password.

    Now when you have a situation like emailing credit card data to your email account from a Web Server Form, GnuPG really becomes useful.
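
The key split the answer describes (only a public key on the host that encrypts), as an added example that is not part of the original post. The two temporary keyrings, the identity `records@example.invalid`, the sample record and the separate "offline" host holding the private key are all assumptions made for the demonstration.

```shell
#!/usr/bin/env bash
# Constructed demo: two throwaway keyrings stand in for two hosts.
OFFLINE_HOME=$(mktemp -d)   # assumed trusted host that keeps the private key
WEB_HOME=$(mktemp -d)       # web server keyring: public key only
chmod 700 "$OFFLINE_HOME" "$WEB_HOME"
KEY_UID='records@example.invalid'   # constructed identity

cleanup() {
    gpgconf --homedir "$OFFLINE_HOME" --kill gpg-agent 2>/dev/null || true
    gpgconf --homedir "$WEB_HOME" --kill gpg-agent 2>/dev/null || true
    rm -rf "$OFFLINE_HOME" "$WEB_HOME"
}
trap cleanup EXIT

setup_keys() {
    # Empty passphrase only so the demo runs unattended.
    gpg --homedir "$OFFLINE_HOME" --batch --quiet --pinentry-mode loopback \
        --passphrase '' --quick-generate-key "$KEY_UID" default default never \
        2>/dev/null || return 1
    # Only the public half crosses over to the web server keyring.
    gpg --homedir "$OFFLINE_HOME" --armor --export "$KEY_UID" |
        gpg --homedir "$WEB_HOME" --batch --quiet --import 2>/dev/null
}

web_encrypt() {   # $1 = plaintext; prints ASCII-armored ciphertext
    printf '%s' "$1" | gpg --homedir "$WEB_HOME" --batch --quiet \
        --trust-model always --armor --encrypt --recipient "$KEY_UID"
}

decrypt_with() {  # $1 = keyring directory; ciphertext on stdin
    gpg --homedir "$1" --batch --quiet --pinentry-mode loopback \
        --passphrase '' --decrypt 2>/dev/null
}

setup_keys || { echo 'gpg key generation failed' >&2; exit 1; }
CT=$(web_encrypt 'constructed card record')

# The web keyring holds no secret key, so decryption there must fail.
if printf '%s\n' "$CT" | decrypt_with "$WEB_HOME" >/dev/null; then
    echo 'web keyring decrypted the record (unexpected)'
else
    echo 'web keyring cannot decrypt: no secret key present'
fi
printf 'offline keyring recovers: %s\n' \
    "$(printf '%s\n' "$CT" | decrypt_with "$OFFLINE_HOME")"
```

The armored output of `web_encrypt` is what would be stored in a MySQL text column; reading it back on the web server requires importing the secret key there, which is the trade-off the answer points out.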