Selecting Encrypted Username From DB

#1

Hi All

I am learning how to encrypt information in my DB.

I am trying to encrypt any personal information so that if I am ever hacked the information they get is pretty much useless.

I think I am doing quite well so far however I have got stuck on selecting the encrypted username in the DB.

I have my secret key and have done tutorials and have this code:

function encryptthis($data, $key) {
$encryption_key = base64_decode($key);
$iv = openssl_random_pseudo_bytes(openssl_cipher_iv_length('aes-256-cbc'));
$encrypted = openssl_encrypt($data, 'aes-256-cbc', $encryption_key, 0, $iv);
return base64_encode($encrypted . '::' . $iv);
}
 
function decryptthis($data, $key) {
$encryption_key = base64_decode($key);
list($encrypted_data, $iv) = array_pad(explode('::', base64_decode($data), 2),2,null);
return openssl_decrypt($encrypted_data, 'aes-256-cbc', $encryption_key, 0, $iv);
}

I have it working adding and removing items from the DB when I use the uniquieid however I get the uniqueid with my login form and can’t work out how to select the encrypted username from my DB.

Can you help me?

Many Thanks

mrmbarnes

0 Likes

#2

Hi, this is one of the problems with encrypted values in the database, you cannot search them in the database or execute a “where” query unless you decrypt it first :wink:

0 Likes

#3

Thanks… and how do you do that?

0 Likes

#4

If I was you I wouldn’t encrypt the username but make sure only the password is encrypted with php password_hash function. In terms of database security is better to spend some time securing the server to prevent possible attacks and the possibility that someone could get access to the database values. To make the login more secure you can use two factor autenthication for example.

If you still want to execute a select query for encrypted data then I can read this article: https://paragonie.com/blog/2017/05/building-searchable-encrypted-databases-with-php-and-sql

0 Likes