Hello guys I have a security question regarding encrypting/decrypting personal sensitive information: Identity(Name, Address, Phone number), Bank details(Sort code and account number) almost anything is encrypted and it is accessible only by the person himself and by the authorized person to use personal data. And now the main questions are: 1. Is my method secure enough?
2. Is there any better way of doing so?
3. Where shall I use the keys from database or from $_SESSION?(Where is the best plase to use them for decryption for the user to review hes details)
Here is the code:
$iv = mcrypt_create_iv(32, MCRYPT_RAND);
$key = mcrypt_create_iv(32, MCRYPT_RAND);
$encrypted = mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $key, $unencrypted, MCRYPT_MODE_CBC, $iv);
That is for encrypting the data before I send it to the DB
$decrypted = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, $encrypted, MCRYPT_MODE_CBC, $iv );
And this is the decrypting method.(Using the $encrypted, $key and $iv from the above sample).
