Hey there,
I'm writing a web app, and one of the requirements is that customer data must be encrypted.
The only people who should be able to decrypt the data are the customer themselves (using their password) and the administrator.
Right now, I have my encryption setup like this:
The unencrypted data is encrypted using AES-128 and a random key.
This random key is then encrypted twice, once with a string derived from the user's password, and again with the same on the admin side.
All is fine and well until I have to deal with encrypting on the admin side. Of course, encrypting with the string derived from the admin password requires that string to be on the server. That's the snag. If the server were compromised, it would be trivial to grab this string and use it to decrypt all the data.
I believe what I need is asymmetric encryption here, and I've been looking into GnuPG; however, it is incredibly confusing to me. It seems entirely email-oriented and doesn't want to generate/use keys on the fly - it wants to store them permanently and use its keyring... not what I want.
I need to be able to do something like the following:
$data = "secret";
$keys = generate_keys();
$encrypted_data = encrypt($keys['public'], $data);
$decrypted_data = decrypt($keys['private'], $encrypted_data);
(Obviously a poor example, but it shows the functionality that's needed.)
Does anyone know of a solution? Is there any way to make GPG work like this?
I would be grateful for any response.