I have a website in a shared hosting environment, and I'm also planning to back up in multiple locations. All of that introduces vulnerability where the data could get intercepted, stolen, or misused by authorized parties. The data isn't actively used on an ongoing basis, but only used very occasionally.
In order to protect against disclosure if the database gets breached, I'm working on a public key cryptographic scheme whereby a public key is used to encrypt the data when it's stored. An unchanging private key, stored offline, would then be required to access the information, which could be done in a secure environment and such that the sensitive data never leaves a temporary existence in RAM. This should massively reduce the attack surface from anywhere the data exists (original or backup), to the single points in time where the data is being accessed.
I've been starting with this first example here (with the openssl library):
https://stackoverflow.com/questions/4629537/how-to-encrypt-data-in-php-using-public-private-keys
The problem I'm running into is that the encrypted result is 512 bytes. (4096 bit.) For many fields. That's significantly larger than I'd like to store in the database.
I would ideally like to know if there's an algorithm which generates smaller results such as 64 bytes or 128 bytes, that can also be implemented reasonably easily in PHP. Is there an algorithm which gives more control over the size of the encrypted result? Perhaps I could even have different sizes of results with the same private key?
Since I'm new, I'm hoping for something which is reasonably easy to use. Thanks so much!