zydronium/getnamingo-registry
1
0
Fork 0
mirror of https://github.com/getnamingo/registry.git synced 2025-05-10 16:58:34 +02:00
Code Issues Projects Releases Packages Wiki Activity
getnamingo-registry/docs/encryption.md
Pinga 7330f7b868 Docs housekeeping
2023-11-27 16:59:59 +02:00

2.2 KiB
Raw Blame History

Namingo Data Encryption

To ensure GDPR compliance, it's crucial for registry owners to secure sensitive registrant data. Encrypting this data in all contact tables is a fundamental step in safeguarding privacy and maintaining data integrity. Below, we outline a comprehensive approach to implement encryption in the Namingo registry, leveraging the robust capabilities of defuse/php-encryption.

Installing defuse/php-encryption via Composer:

composer require defuse/php-encryption

1. Generate an Encryption Key

Use keygen.php to generate an encryption key:

use Defuse\Crypto\Key;

// Generate a random encryption key
$key = Key::createNewRandomKey();

// Save this key securely; you will need it for both encryption and decryption
$keyAscii = $key->saveToAsciiSafeString();

// Output the key so you can copy it
echo $keyAscii;

2. Save the Key Securely

  1. Copy the echoed key.

  2. Store the key in an environment variable on your server. For example, add this line to your ~/.bashrc or ~/.profile, replacing your_key_here with the actual key:

export NAMINGO_ENCRYPTION_KEY='your_key_here'

To ensure the environment variable is retained after reboot, you can add it to your system's profile settings or use a tool like systemd to set it as a system-wide environment variable.

3. Using the Key for Insert Operations

use Defuse\Crypto\Crypto;
use Defuse\Crypto\Key;

// Load the encryption key from the environment variable
$keyAscii = getenv('NAMINGO_ENCRYPTION_KEY');
$key = Key::loadFromAsciiSafeString($keyAscii);

// Assuming $pdo is your PDO instance
$rawData = "Sensitive Data";
$encryptedData = Crypto::encrypt($rawData, $key);

// Prepare and execute the insert statement
$stmt = $pdo->prepare("INSERT INTO your_table (data_column) VALUES (:data)");
$stmt->bindParam(':data', $encryptedData);
$stmt->execute();

4. Database installation (please choose one):

// Assuming $pdo is your PDO instance
$stmt = $pdo->query("SELECT data_column FROM your_table WHERE some_condition");
$row = $stmt->fetch(PDO::FETCH_ASSOC);
$encryptedData = $row['data_column'];

// Decrypt the data
$decryptedData = Crypto::decrypt($encryptedData, $key);

echo $decryptedData;