Right now, the user data stored in my (MariaDB) database is encrypted (AES). The data is encrypted whenever users post or edit the data; the 40+-digit encryption key was created randomly with the user account and is then stored inside a file in an extra folder that is secured by a .htaccess file. So even when the database is breached, no cleartext data should be visible to the attacker - unless the attacker also gains control over the keyfile, which is stored on the same server.
My question is: would it be more secure if a user has to upload the keyfile for encryption every time after login? The last file path could be stored and used in the input field, so that there is at least rudimentary comfort when doing this.
It would be like this:
1. User -> Login
2. If login confirmed: upload keyfile in a next step from the local computer to the server
3. Server -> confirm keyfile
4. The confirmed keyfile will then be encrypted by a temporary encryption key and stored inside the $_SESSION variable, which will expire after 30 minutes of inactivity.
Of course this approach is not as comfortable as just logging in, but I think it will be more secure in case of a security breach of the server (?).
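Steps 3 and 4 of the flow above, sketched in PHP with libsodium as an added example that is not part of the original post. The function names, the stored hash used to confirm the key, and the choice to hand the temporary key to the browser in a cookie (so the server holds only the wrapped key between requests) are assumptions.

```php
<?php
declare(strict_types=1);
// Added example; helper names and the cookie-held temporary key are assumptions.

// Step 3: confirm the uploaded key against a hash stored at account creation,
// so the server never keeps the key itself on disk.
function confirmKey(string $uploadedKey, string $storedVerifier): bool
{
    return hash_equals($storedVerifier, sodium_crypto_generichash($uploadedKey));
}

// Step 4: wrap the confirmed key with a fresh temporary key. The wrapped key
// goes into the session; the temporary key goes to the caller.
function wrapKey(string $userKey): array
{
    $tempKey = sodium_crypto_secretbox_keygen();
    $nonce   = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $wrapped = $nonce . sodium_crypto_secretbox($userKey, $nonce, $tempKey);
    return [$wrapped, $tempKey];
}

// Per request: recover the user key, or null if the temporary key is wrong,
// the blob was tampered with, or the session has been idle too long.
function unwrapKey(array $session, string $tempKey, int $now): ?string
{
    if ($now - $session['last_seen'] > 1800) {   // 30 minutes of inactivity
        return null;
    }
    $nonce = substr($session['wrapped_key'], 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $box   = substr($session['wrapped_key'], SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $key   = sodium_crypto_secretbox_open($box, $nonce, $tempKey);
    return $key === false ? null : $key;
}

// Constructed sample data: a random string stands in for the uploaded keyfile.
$keyfile  = bin2hex(random_bytes(24));
$verifier = sodium_crypto_generichash($keyfile);   // saved at account creation

if (confirmKey($keyfile, $verifier)) {
    [$wrapped, $tempKey] = wrapKey($keyfile);
    // $session stands in for $_SESSION; $cookie for a Secure, HttpOnly cookie.
    $session = ['wrapped_key' => $wrapped, 'last_seen' => time()];
    $cookie  = base64_encode($tempKey);

    var_dump(unwrapKey($session, base64_decode($cookie), time()) === $keyfile);
    var_dump(unwrapKey($session, random_bytes(32), time()));              // wrong key
    var_dump(unwrapKey($session, base64_decode($cookie), time() + 3600)); // expired
}
```

The wrapping protects the session store at rest; while a request is being served, the unwrapped key is still present in the server's memory.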