Where to store private keys in public/private key encryption in PHP?
I am currently developing an LMS for a school. I want to encrypt the grades students get so that only school administrators, teachers, and the student can access the grades. I don't want to be able to see the grades, and I don't want someone who somehow gets access to the database to see the grades either.
Here's how I'm thinking I'll store the grades in a database, but I'm not 100% sure if this is good or the best it can be.
- Every user (teacher, admin, student) has a public and private key
- Teacher grades an assignment
- The grade gets encrypted with multiple public keys (every teacher and administrator's keys, as well as the student's) and then gets stored in a MySQL database
- When a teacher, admin, or the student visits a page to see the grade, the grade gets decrypted with that user's private key.
- The private key could be stored in the database, encrypted by the user's password. When a user logs in (with their password), their private key gets decrypted and then stored in a session variable (or cookie) for use during their session to decrypt the grade(s).
One thing that (I think) makes this hard is that there will inevitably be staff changes (a new administrator, a teacher gets replaced, etc.) and I need all teachers and administrators to have access to all grades. So how would I allow a new key pair to access the encrypted data when a new user account should have access?
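The scheme in the list above, sketched with PHP's bundled sodium extension as an added example that is not part of the original post. The user names, passwords and grade are constructed, and the arrays stand in for database rows. The last step rests on an assumption about the staff-change case: a reader who is already authorized and logged in re-seals the grade for the new public key.

```php
<?php
// Added example. Needs ext-sodium and PHP >= 7.4; names, passwords and the grade are constructed.

// Derive a secretbox key from the login password (libsodium's default password hash).
function passwordKey(string $password, string $salt): string {
    return sodium_crypto_pwhash(SODIUM_CRYPTO_SECRETBOX_KEYBYTES, $password, $salt,
        SODIUM_CRYPTO_PWHASH_OPSLIMIT_INTERACTIVE, SODIUM_CRYPTO_PWHASH_MEMLIMIT_INTERACTIVE);
}

// Registration: the returned array stands in for the user's database row.
function createUser(string $password): array {
    $keypair = sodium_crypto_box_keypair();
    $salt = random_bytes(SODIUM_CRYPTO_PWHASH_SALTBYTES);
    $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    return ['public' => sodium_crypto_box_publickey($keypair), 'salt' => $salt, 'nonce' => $nonce,
        'wrapped' => sodium_crypto_secretbox($keypair, $nonce, passwordKey($password, $salt))];
}

// Login: unwrap the key pair with the password; a wrong password fails authentication.
function unlockKeypair(array $row, string $password): string {
    $keypair = sodium_crypto_secretbox_open($row['wrapped'], $row['nonce'],
        passwordKey($password, $row['salt']));
    if ($keypair === false) { throw new RuntimeException('wrong password or corrupted key'); }
    return $keypair;
}

// Grading: one sealed copy per reader; only public keys are needed to write a grade.
function sealGrade(string $grade, array $publicKeys): array {
    return array_map(fn(string $pk) => sodium_crypto_box_seal($grade, $pk), $publicKeys);
}

function openGrade(string $sealed, string $keypair): string {
    $grade = sodium_crypto_box_seal_open($sealed, $keypair);
    if ($grade === false) { throw new RuntimeException('not sealed for this key pair'); }
    return $grade;
}

$users = ['teacher' => createUser('t-pass'), 'student' => createUser('s-pass')];
$copies = sealGrade('A-', array_map(fn(array $u) => $u['public'], $users));
echo openGrade($copies['student'], unlockKeypair($users['student'], 's-pass')), PHP_EOL;

// Staff change: the server cannot read the grade alone, so a logged-in reader re-seals it.
$users['new_admin'] = createUser('a-pass');
$plain = openGrade($copies['teacher'], unlockKeypair($users['teacher'], 't-pass'));
$copies['new_admin'] = sodium_crypto_box_seal($plain, $users['new_admin']['public']);
echo openGrade($copies['new_admin'], unlockKeypair($users['new_admin'], 'a-pass')), PHP_EOL;
```

While a user is logged in, the unwrapped key pair exists in server memory (or in the session store, as the post proposes), so the grades that user can read are exposed to anyone who controls the server during that session.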