Jim, I tend to derive a key based on a separate character string and the contents of the data in the same or a related table. This means each row has a unique encryption key and you never have to have the whole key stored somewhere (you don't even know it :p ). Biggest advantage to this is should someone get hold of your data they have to work out your character string and the logic for deriving the key or attempt to hack each and every individual row of the table because no two rows will ever have the same key.
For example, in a table with the columns `username`, `email_address`, `password`, `jointime` (where password is encrypted with AES_ENCRYPT) I may Use a charcter string of "awfully_complex_char_string-" and derive the key like so CONCAT("awfully_complex_char_string-",SUBSTRING(`email_address`,1,LOCATE("@",`email_address`)-1),CAST(`jointime` AS CHAR)) I then store the logic in a database stored procedure and use database security to prevent unauthorised access. At no point do I have this logic outside the database in any external application or script! That would be silly :) Regards John Daisley On Thu, Mar 18, 2010 at 7:26 PM, Jim <j...@lowcarbfriends.com> wrote: > In terms of encryption functions AES_DECRYPT and AES_ENCRYPT, can anyone > point to any good links or offer any suggestions in terms of best practices > on storage of the associated symmetric key? I've found very little > information on this when searching. > > Does MySQL offer any asymmetric encryption capabilities? > > What are people using in terms of a good solution for encrypting specific > columns of table data while providing protection of the key? > > Thanks, > Jim > > -- > MySQL General Mailing List > For list archives: http://lists.mysql.com/mysql > To unsubscribe: > http://lists.mysql.com/mysql?unsub=john.dais...@butterflysystems.co.uk > >