Encryption

[David Smith]

<quote who="Eric Jensen">
> Working on some encryption schemes and running into a few humps.  We
> have a great GnuPG scheme for encrypting all of our backup files.
> Really digging the public and private key scheme.  But now we are
> wanting to encrypt specific fields in our database.  Reading MySQL docs
> and they have some good encryption schemes but it is all symmetric.  We
> would like the data to be encrypted with a public key and then during a
> special process of our choosing we decrypt with the passphrase protected
> secret key that isn't even stored on the server.  This way if there was
> every a compromise on the server itself the worst they can do is use our
> public key to encrypt more of our data.  I tried using GnuPG to encrypt
> strings, but MySQL sure doesn't like you passing it encrypted strings
> with all those crazy characters.  Anybody have any ideas?

I'm not a big encryption buff, but I do know how to send "crazy" data to
MySQL. Use prepared statements. Here's a HOWTO that uses Java, but most
languages have some kind of support for them.

--Dave