Question

I am implementing AES-256 bit encryption in my web app:

http://www.utoxin.name/2009/07/automatic-db-field-encryption-in-cakephp/

One of the steps says to store the cipher used and key in a bootstrap file. But what is stopping someone from scanning the file system with PS or something and decrypting the data?

What is the best way to secure the data?


Solution

If someone has access to all files on the hard drive of your server, all bets are off. There is no way you can protect your data then, because your webapp still has to be able to access it.

This encryption will only protect you from attackers who can access the database, but not the file system, e.g. through SQL injection. And even in that case they may be able to read the data: depending on the particular leak, the webapp might happily decrypt it for them!

OTHER TIPS

(I realize this is an ancient question, but as the author of the linked blog post, I wanted to add some comments)

What the accepted answer says is all correct. Once your filesystem is compromised there's no protection. Also, yes, if poorly written it is possible to expose data in an unencrypted form. This tool was meant to simply provide a way to make it much easier to handle the encrypting of data in the database. If you don't like the auto-decrypt functionality, it would be trivial to remove the afterFind() callback on the behavior so that it no longer triggers, as well as any number of other adjustments that could improve security (at the cost of convenience).

I hope this helps anyone else who stumbles across this post. Someone has, since I just got a couple hits to my blog from this question. :)

On a Unix box you can store it in a file, created by the user account for Apache, with 0600 permissions. This can be accessed by root, so if the box is secure there is no problem. On Windows boxes, I don't know.
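
The 0600 key-file approach from the last answer, as an added example that is not part of the original answers or the linked blog post: it creates the key file owner-only and refuses to load it if the mode or owner has drifted. The function names and paths are hypothetical, GNU `stat` is assumed, and the script is assumed to run as the web server account. As the accepted answer notes, this keeps other local accounts out, not root or anyone who can run code as the web app.

```bash
#!/usr/bin/env bash
# Added example: keep an AES-256 key in an owner-only file and verify that
# before every use. Function names are hypothetical, not from CakePHP.

# create_key_file PATH: write 32 random bytes (hex-encoded, 64 chars), mode 0600.
create_key_file() {
    local path=$1
    (
        umask 077    # file is created as 0600, never briefly world-readable
        set -C       # noclobber: refuse to overwrite an existing key
        head -c 32 /dev/urandom | od -An -tx1 | tr -d ' \n' > "$path"
    )
}

# check_key_file PATH: succeed only if PATH is a regular file (not a symlink),
# owned by the current user, with mode exactly 600.
check_key_file() {
    local path=$1 mode owner
    if [ ! -f "$path" ] || [ -L "$path" ]; then
        echo "key file missing or not a regular file: $path" >&2
        return 1
    fi
    mode=$(stat -c '%a' "$path") || return 1    # GNU stat (assumption)
    owner=$(stat -c '%u' "$path") || return 1
    if [ "$owner" != "$(id -u)" ]; then
        echo "key file owned by uid $owner, expected $(id -u)" >&2
        return 1
    fi
    if [ "$mode" != "600" ]; then
        echo "key file mode is $mode, expected 600" >&2
        return 1
    fi
}

# load_key PATH: print the key only when the file passes the checks above.
load_key() {
    check_key_file "$1" && cat "$1"
}
```

Keep the file outside the web root so the server can never serve it as a static file.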

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow