http://qs321.pair.com?node_id=109561


in reply to Encryption and decryption using different keys

It really depends on your usage. You say that you want to encrypt with a different key than your decryption key so that if someone finds the encryption key, your data will not be compromised. But couldn't someone just as easily find the decryption key, if you have to use it to decrypt the data?

Asymmetric crypto (public/private key crypto) is useful when you, and only you, have access to your private key. It works well in scenarios like sending data from one party to another (e.g., through email), because the sender can encrypt using the public key, and the recipient decrypts using the private key.

But I'm not sure if that really applies to what you are doing.

For example, if you're building a system that interfaces with this database, then you are going to have to both encrypt and decrypt the data therein. So your decryption key is going to be just as exposed as your encryption key--in which case it doesn't buy you a whole lot to have two different keys.

I think that you need to determine the scenario of when you are going to be encrypting data, and when you will be decrypting it. This will give you some hints as to whether to use one symmetric key or a public-private key pair. If it is still unclear, describe these scenarios in more detail.

BTW: if you do end up wanting asymmetric crypto (which I'm not absolutely sure that you need), you could check out Crypt::OpenPGP or Crypt::RSA.

If you go the symmetric crypto route, Rijndael (Crypt::Rijndael) is a very good cipher.
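
The key split discussed in the reply above, as an added example that is not part of the original post: a writer process that holds only the public key can store a row but cannot read it back, while the reader holding the private key can. It assumes the `openssl` command-line tool is installed; the file names, the sample row and the choice of RSA-OAEP are constructed for illustration.

```shell
#!/bin/sh
# Added example (constructed demo). Assumes the openssl CLI is available.
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Reader side: create the key pair. private.pem never leaves the reader;
# only public.pem is handed to the process that writes to the database.
make_keys() {
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$WORK/private.pem" 2>/dev/null &&
    openssl pkey -in "$WORK/private.pem" -pubout -out "$WORK/public.pem"
}

# Writer side: $1 = plaintext (short, RSA-OAEP limits the size),
# $2 = file that stands in for the encrypted database column.
writer_encrypt() {
    printf '%s' "$1" | openssl pkeyutl -encrypt -pubin \
        -inkey "$WORK/public.pem" -pkeyopt rsa_padding_mode:oaep -out "$2"
}

# $1 = key file to try, $2 = ciphertext file. Prints the plaintext on
# success; returns non-zero when the key file holds no private key.
try_decrypt() {
    openssl pkeyutl -decrypt -inkey "$1" \
        -pkeyopt rsa_padding_mode:oaep -in "$2" 2>/dev/null
}

make_keys
writer_encrypt 'secret=constructed sample row' "$WORK/row.bin"

# What someone who copies the writer's key material can do with it.
if try_decrypt "$WORK/public.pem" "$WORK/row.bin" >/dev/null; then
    echo "public key decrypted the row (unexpected)"
else
    echo "public key alone cannot decrypt the row"
fi

# What the reader, holding the private key, gets back.
echo "private key recovers: $(try_decrypt "$WORK/private.pem" "$WORK/row.bin")"
```

If the same host runs both `writer_encrypt` and `try_decrypt` with `private.pem` on disk, the separation shown here disappears, which is the situation the reply describes for a single system that both encrypts and decrypts.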