How should I store a AES Encryption Key?

Question

I run a DV 3.5 server on MediaTemple with Linux CentOS 5, php and mysql DB and am trying to encrypt phone records with AES.

I came across what seems to be good script as PHPAES

but I am not sure of the following:

1. Where do I actually store the AES Encryption key used to encrypt and decrypt the phone number?

2. How do I call on the AES encryption key when a user submits their data via form and stores into our MySQL database?

3. When I want to descrypt that information for our internal customer service agents - how do they in turn call on the AES key?

I realize this is probably very simple but please don't insult. I am trying to learn best practice for how to move forward with any type of encryption whatsoever. Something (to this point) we have not had need for.

Answer 1

Your should store your private key in your PHP source code, and to make that secure you'll need to encrypt your source code with either Zend Guard or Ioncube.

http://www.zend.com/en/products/guard/

http://www.ioncube.com/

You can store the key in a class and access it throughout your code with a static get method.

class KeyProvider
{
    private static final $my_private_key = 'yourkeyhere';

    public static function getKey() {
       return self::$my_private_key;
    }
}


$key = KeyProvider::getKey()

Depending on which encoder you choose you'll need to install the zend guard or ioncube runtime on your server, this is a pretty simple process where you edit php.ini (details for installation are on both websites)