On 11/4/06, Brad Tilley <rtilley / vt.edu> wrote:
> Does anyone use openssl within Ruby to encrypt data? I want to use a hosted
> MySQL database, but most of the hosting companies do not support MySQL with the
> aes_encrypt() or aes_decrypt() functions.
>
> Most have Ruby bindings to MySQL and they support Rails. So, I thought I could
> use openssl to encrypt data within Ruby and then store that data in the
> database. I don't know if others are doing this. I thought I'd ask the list to
> see if others do this.
>
> Thank you,
> Brad

I'm not doing it ('cause I just don't need it ;-). Anyway I think it
should work. However please note some possible problems:

1. you'll want to have your records independent - therefore either
using ECB mode or special IV for each record.

2. you don't want to have the same data in different places encrypted
into the same ciphertexts - therefore you'll need either IV or some
kind of salt, that you'll need to store somewhere (it depends on the
data you store, maybe a per row IV would be enough)

3. most probably you can't encrypt the index fields, and search will
not work as usual on encrypted fields.

Taking this into consideration, it should be possible to create a
schema that will work.

(If you don't know what these IV, ECB and salt things are, I recommend
reading something on cryptography, e.g. [1]. It's easy to get crypto
wrong, and useless)

[1] http://www.cacr.math.uwaterloo.ca/hac/
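
The per-row IV idea from points 1 and 2, as an added example that is not part of the original post. It uses AES-256-GCM from Ruby's openssl library (a choice made here, not one named in the thread) and assumes a hypothetical row id that is bound to the ciphertext as associated data; the key and sample values are constructed.

```ruby
require "openssl"

# Constructed key for the demo. A real key is loaded from outside the
# database (assumption: the hosting account gives you somewhere to keep it).
KEY = OpenSSL::Random.random_bytes(32)

# Encrypts one column value and returns a binary string laid out as
# IV (12 bytes) || auth tag (16 bytes) || ciphertext, ready for a BLOB column.
def encrypt_field(plaintext, key, row_id)
  cipher = OpenSSL::Cipher.new("aes-256-gcm")
  cipher.encrypt
  cipher.key = key
  iv = cipher.random_iv            # fresh IV for every record
  cipher.auth_data = row_id.to_s   # ties the ciphertext to its row
  ciphertext = cipher.update(plaintext) + cipher.final
  iv + cipher.auth_tag + ciphertext
end

# Reverses encrypt_field. Raises OpenSSL::Cipher::CipherError if the blob
# was modified or was copied from a different row.
def decrypt_field(blob, key, row_id)
  iv         = blob.byteslice(0, 12)
  tag        = blob.byteslice(12, 16)
  ciphertext = blob.byteslice(28..-1)
  cipher = OpenSSL::Cipher.new("aes-256-gcm")
  cipher.decrypt
  cipher.key = key
  cipher.iv = iv
  cipher.auth_tag = tag
  cipher.auth_data = row_id.to_s
  cipher.update(ciphertext) + cipher.final
end

# Two rows holding the same value get different stored blobs, so each
# record decrypts on its own and equal plaintexts are not visible as equal
# ciphertexts. It also means WHERE col = ? cannot match on this column.
row1 = encrypt_field("alice@example.com", KEY, 1)
row2 = encrypt_field("alice@example.com", KEY, 2)
puts "blobs differ:  #{row1 != row2}"
puts "row 1 decrypt: #{decrypt_field(row1, KEY, 1)}"
```

The stored value is 28 bytes longer than the plaintext, so size the column accordingly.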