I am a volunteer with a non-profit organization. Part of my proposal entails encrypting and decrypting Personal Identifying Information, its storage on a database, and transfer over the internet.
I would like to use or extend software code that improves upon the public-key and private-key paradigm. I have previously written code as a software engineer.
There are two processing stages to this proposal:
1) The first time a PII number is entered on or provided to an organization, a public key is used to encrypt a PII number using a random number. Then the resulting encryption is transferred over the internet to a central internet-based database.
2) A private key is used to decrypt what has been recorded on the database. However, the result of decryption should not be the PII itself, but an indication whether this PII has been received previously - where in stage 1 a different random number was used. After processing, the outcome is transferred back to the originating organization.
As there is no requirement for encrypted PII to be stored on the database, the rationale for this approach is that if the database and private key are compromised, the unauthorized party will not have access to PII stored on the database.
I appreciate your advice and opinion on the best approach to achieve this objective.
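
One way the two stages above could be realized, given as an added example that is not part of the original post: ElGamal encryption of a hash of the PII number, so that decryption yields only a comparison tag. The ElGamal construction, the demo group, and the names `keygen`, `encrypt` and `CentralDatabase` are assumptions of this example, not something the post specifies.

```python
import hashlib
import secrets

# Demo group (assumption): P is the Mersenne prime 2**521 - 1, G an arbitrary base.
# Not vetted parameters; a deployment would use a reviewed library and group.
P = 2**521 - 1
G = 3

def keygen():
    """Key pair of the central database: private x, public y = G^x mod P."""
    x = secrets.randbelow(P - 3) + 2
    return x, pow(G, x, P)

def pii_to_element(pii: str) -> int:
    """One-way map from the PII number to a nonzero element mod P."""
    digest = hashlib.sha512(pii.encode("utf-8")).digest()
    return int.from_bytes(digest, "big") % (P - 1) + 1

def encrypt(public_y: int, pii: str):
    """Stage 1, at the organization: ElGamal with a fresh random r each time."""
    r = secrets.randbelow(P - 3) + 2
    m = pii_to_element(pii)
    return pow(G, r, P), (m * pow(public_y, r, P)) % P

class CentralDatabase:
    """Stage 2: keeps comparison tags only, never the PII or the ciphertexts."""
    def __init__(self, private_x: int):
        self._x = private_x
        self._tags = set()

    def received_before(self, ciphertext) -> bool:
        c1, c2 = ciphertext
        # Decryption recovers the hashed element, not the PII number.
        m = (c2 * pow(c1, -self._x, P)) % P
        tag = hashlib.sha256(m.to_bytes(66, "big")).hexdigest()
        # The tag is a deterministic function of the PII, so a holder of the
        # private key and the tags can still test guessed numbers against them.
        seen = tag in self._tags
        self._tags.add(tag)
        return seen

def demo():
    x, y = keygen()
    db = CentralDatabase(x)
    # Constructed sample numbers, not real identifiers.
    first = db.received_before(encrypt(y, "000-00-0001"))
    repeat = db.received_before(encrypt(y, "000-00-0001"))
    other = db.received_before(encrypt(y, "000-00-0002"))
    return first, repeat, other  # (False, True, False)
```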