Certain highly-sensitive information (payment info, usernames, passwords, etc.) ought to be encoded prior to it being endured to my database.
Later, that information needs to be decrypted to be able to be fetched from persistence and used at another time.
Basically use, say, AES256 to secure a billing address, I'll still have to store that AES256 key/passphrase in persistence too.
When the whole idea behind encrypting information that's starting a database would be to safeguard that information just in case someone hacks into my database, and I am storing the important thing to decrypt that same information within the database, then what's the purpose of encrypting the information to begin with?
If a person hacks into my database, they'll have the ability to discover the endured key and decrypt any encoded data they would like to anyways.
Shall We Be Held missing something here?
There's a classic saying "File encryption is simple, key management is difficultInch. Which greatly is applicable here.
If you want to store data within an encoded format (you frequently don't since you only have to hash the information not secure it), you don't want the file encryption answer to be saved within the database. You would like the important thing to become accessible whenever your programs have to decrypt the information but you wouldn't want people such as the DBA that can access all of the encoded data to have the ability to obtain the key. You need to make certain that the bottom line is supported to ensure that you are able to recover the information but you wouldn't want individuals backup copies to comingle together with your database backup copies. Key management, therefore, turns into a very thorny problem to resolve.
Within the huge most of cases, you need to purchase some third-party key management solution that may cope with these contradictions. Much like you won't want to implement file encryption calculations by yourself, you won't want to do key management by yourself. Individuals that make an effort to solve key management by themselves generally don't succeed.
A much better option is to make use of certificates which may be easily completed in most RDBMS.
The best choice regarding passwords would be to hash them. This can be a one of the ways hash, and isn't decrypted. Essentially, whenever a user logs in, you hash their input password, and compare the hash from the one saved inside your db for any match - along with a effective login.
Regarding payment information, you may need a random produced private key. With respect to the system and implementation this is often saved a variety of ways. You are able to store this inside a config file, encoded utilizing an RSA container for instance so it's not readable. You will find other solutions too.
You may also encoded db connection strings and so on using the RSA container method above to assist prevent anybody really seeing you db username password the application uses to gain access to the db.