Encryption of sensitive data with a symmetric key
Protecting your database has never been more important. Your API keys, card information or even invoices can be a prime target for a cybernetic attack. In this article, I will talk about making your data unreadable to hackers using symmetric key encryption. Read on to find out what it is and when you should consider it.
Table of contents
What is symmetric key encryption? Short definition
What is symmetric key encryption? In simple words, symmetric key encryption is the conversion of data using a key so the data becomes unreadable to a human reader. The same key is used to encrypt and decrypt that data, which is the opposite to what asymmetric encryption does, where decryption requires a separate key. Despite being an older solution, symmetric key encryption is faster than asymmetric.
There are a couple of encryption algorithms available, such as: AES, DES, and RC4. The problem is that they contain a single key for encryption and decryption. Exposing this key might be a security risk and migration of encrypted data to a different key would take more time.
When do you need it?
Symmetric key encryption should be considered while working with big data systems. The more operations needed, the slower the system will be which is why you don’t need to encrypt all of your data. Before implementing this solution you should analyze your endpoints, for example, the admin might need to list the users on the service. The endpoint would need to decrypt each user, or even worse each field of data from the user.
It’s a great solution to keep you safe, but security has its price, and in this example it would affect the performance of the whole system. If your code architecture includes CQRS it would be pretty easy to implement as this style of design and separate write and read models are highly compatible with this functionality. Even if you usually prefer to use asymmetric keys.
What are the benefits of symmetric key encryption?
The one and only benefit of symmetric key encryption is that it’s saves you from potential database leaks as it makes the data worthless to a hacker. It’s an additional protection on the data row level that offers the advantage of making your data unreadable and unusable. There aren’t any more benefits, but your data has its value. Would you like to let anybody sell it on the darknet? With this solution they won’t be able to. In 2022, data protection is more important than ever before.
What exactly should I encrypt?
I recommend using symmetric key encryption of sensitive data like user data, card information, API keys, and tokens to other services. In fact, you can use it for anything, even for invoice data. It’s up to you to decide what is valuable to your business. Every type of data has value, the question is what kind of data is most important for your company?
Conclusions
It’s not advisable to encrypt your data on a DB engine level. Your queries with the encryption key might be visible to outsiders, for example in the MySQL query SHOW PROCESSLIST. You should always do your encryption on the backend side so you will not expose your key.
Encryption is great protection, but maintaining the application might be problematic, as developers might need to debug functionalities, which is both time and energy consuming. There is also a risk of someone accidently leaking the encryption key on Slack, email or any other instant messaging app. The same risk comes with using the same account for the DB connection between developers. To summarize: symmetric key encryption is a great solution, but it won’t protect you from peoples’ mistakes.
Share this article: