Where to store private keys in public/private key encryption in PHP?


I am currently developing an LMS for a school. I want to encrypt the grades students get so that only school administrators, teachers, and the student can access the grades. I don't want to be able to see the grades, and I don't want someone who somehow gets access to the database to see the grades either.

Here's how I'm thinking I'll store the grades in a database, but I'm not 100% sure if this is good or the best it can be.

  1. Every user (teacher, admin, student) has a public and private key
  2. Teacher grades an assignment
  3. The grade gets encrypted with multiple public keys (every teacher and administrator's keys, as well as the student's) and then gets stored in a MySQL database
  4. When a teacher, admin, or the student visits a page to see the grade, the grade gets decrypted with that user's private key.
  5. The private key could be stored in the database, encrypted by the user's password. When a user logs in (with their password), their private key gets decrypted and then stored in a session variable (or cookie) for use during their session to decrypt the grade(s).

One thing that (I think) makes this hard is that there will inevitably be staff changes (a new administrator, a teacher gets replaced, etc.) and I need all teachers and administrators to have access to all grades. So how would I allow a new key pair to access the encrypted data when a new user account should have access?
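The scheme in steps 1 to 5 and the staff-change case, sketched as an added example that is not part of the original post. It assumes PHP's sodium extension; function names and array layouts are hypothetical, and instead of encrypting the grade itself to every public key it encrypts the grade once with a random data key and seals that key to each recipient.

```php
<?php
// Added illustration, not from the original post. Requires ext-sodium (PHP 7.2+).
// Function names and array layouts are hypothetical; sample values are constructed.

function deriveKek(string $password, string $salt): string { // libsodium password KDF
    return sodium_crypto_pwhash(SODIUM_CRYPTO_SECRETBOX_KEYBYTES, $password, $salt,
        SODIUM_CRYPTO_PWHASH_OPSLIMIT_INTERACTIVE, SODIUM_CRYPTO_PWHASH_MEMLIMIT_INTERACTIVE);
}
// Steps 1 and 5: key pair per user; the stored copy is encrypted under the password.
function createUser(string $password): array {
    $keypair = sodium_crypto_box_keypair();
    $salt = random_bytes(SODIUM_CRYPTO_PWHASH_SALTBYTES);
    $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    return ['public' => sodium_crypto_box_publickey($keypair), 'salt' => $salt, 'nonce' => $nonce,
        'wrapped' => sodium_crypto_secretbox($keypair, $nonce, deriveKek($password, $salt))];
}
// Step 5 at login: recover the key pair; fails closed on a wrong password.
function unlockKeypair(array $user, string $password): string {
    $kp = sodium_crypto_secretbox_open($user['wrapped'], $user['nonce'], deriveKek($password, $user['salt']));
    if ($kp === false) { throw new RuntimeException('wrong password'); }
    return $kp;
}
// Step 3: encrypt the grade once, then seal its data key to each recipient's public key.
function encryptGrade(string $grade, array $publicKeys): array {
    $dataKey = sodium_crypto_secretbox_keygen();
    $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $keys = [];
    foreach ($publicKeys as $id => $pk) { $keys[$id] = sodium_crypto_box_seal($dataKey, $pk); }
    return ['nonce' => $nonce, 'ct' => sodium_crypto_secretbox($grade, $nonce, $dataKey), 'keys' => $keys];
}
function unwrapDataKey(array $row, string $id, string $keypair): string {
    $dataKey = isset($row['keys'][$id]) ? sodium_crypto_box_seal_open($row['keys'][$id], $keypair) : false;
    if ($dataKey === false) { throw new RuntimeException("no access for $id"); }
    return $dataKey;
}
// Step 4: decrypt with the viewer's own key pair.
function decryptGrade(array $row, string $id, string $keypair): string {
    $plain = sodium_crypto_secretbox_open($row['ct'], $row['nonce'], unwrapDataKey($row, $id, $keypair));
    if ($plain === false) { throw new RuntimeException('ciphertext rejected'); }
    return $plain;
}
// Staff change: someone who already has access re-seals the data key for the newcomer.
function grantAccess(array $row, string $fromId, string $fromKeypair, string $newId, string $newPk): array {
    $row['keys'][$newId] = sodium_crypto_box_seal(unwrapDataKey($row, $fromId, $fromKeypair), $newPk);
    return $row;
}
$teacher = createUser('constructed-teacher-pw'); $newAdmin = createUser('constructed-admin-pw');
$row = encryptGrade('A-', ['teacher' => $teacher['public']]);
$row = grantAccess($row, 'teacher', unlockKeypair($teacher, 'constructed-teacher-pw'), 'admin2', $newAdmin['public']);
echo decryptGrade($row, 'admin2', unlockKeypair($newAdmin, 'constructed-admin-pw')), "\n";
```

Granting access needs the unlocked key pair of a user who already holds the grade's data key, so it has to run while such a user is logged in. Revoking a departed user means deleting their sealed entry and, if they may have kept a copy of the data key, re-encrypting the grade under a fresh one.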
