|There's more than one way to do things|
Re: Encryption and decryption using different keysby btrott (Parson)
|on Sep 01, 2001 at 01:33 UTC||Need Help??|
It really depends on your usage. You say that you want to encrypt
with a different key than your decryption key so that if someone
finds the encryption key, your data will not be compromised. But
couldn't someone just as easily find the decryption key, if you
have to use it to decrypt the data?
Assymetric crypto (public/private key crypto) is useful when you, and only you, have access to your private key. It works well in scenarios like sending data from one party to another (eg. through email), because the sender can encrypt using the public key, and the recipient decrypts using the private key.
But I'm not sure if that really applies to what you are doing.
For example, if you're building a system that interfaces with this database, then you are going to have to both encrypt and decrypt the data therein. So your decryption key is going to be just as exposed as your encryption key--in which case it doesn't buy you a whole lot to have two different keys.
I think that you need to determine the scenario of when you are going to be encrypting data, and when you will be decrypting it. This will give you some hints as to use one symmetric key or a public-private key pair. If it is still unclear, describe these scenarios in more detail.
If you go the symmetric crypto route, Rijndael (Crypt::Rijndael) is a very good cipher.