Firstly, I apologize if my question sounds a little confusing; I will try my best to describe my scenario as detailed as possible:
I have a website where users can input personal data about themselves. It is mainly health data, so it's very private and sensitive information. So I need to encrypt this data on the server so that even when the server is compromised, this data is secured, because it will be encrypted with each user's password. Of course, user passwords will not be stored as clear text on the server, only password hashes.
But my problem is that the website will offer a "social function" where a user can choose to share some of his/her information with another user. But this would be a problem, because I will not have any way of decrypting a user's private data, and so I can't show it to another user.
Can you please give me some options, or at least ideas, for how this could be solved? Preferably using a LAMP environment.
This can be solved using public-key cryptography:
Now, when a user u wants to share the data with the user x, do the following:
Now, when any user x wants to access the data, perform the following process:
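One way public-key sharing can be realized on a LAMP stack, as an added example that is not part of the original answer or its steps. The scheme (a per-record data key sealed to each reader's public key, each private key locked under a password-derived key), the function names and the array layout are assumptions; it uses PHP's bundled sodium extension.

```php
<?php
// Added example; scheme, function names and storage layout are assumptions.
function pw_key(string $password, string $salt): string {
    // Memory-hard KDF over the password; the result is never stored.
    return sodium_crypto_pwhash(SODIUM_CRYPTO_SECRETBOX_KEYBYTES, $password, $salt,
        SODIUM_CRYPTO_PWHASH_OPSLIMIT_INTERACTIVE, SODIUM_CRYPTO_PWHASH_MEMLIMIT_INTERACTIVE);
}
function register_user(string $password): array {
    $kp = sodium_crypto_box_keypair();
    $salt = random_bytes(SODIUM_CRYPTO_PWHASH_SALTBYTES);
    $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    // Row stored server-side: public key in clear, private key locked by the password.
    return ['pub' => sodium_crypto_box_publickey($kp), 'salt' => $salt, 'nonce' => $nonce,
        'locked' => sodium_crypto_secretbox(sodium_crypto_box_secretkey($kp), $nonce, pw_key($password, $salt))];
}
function unlock(array $user, string $password): string {
    // At login only: rebuild the keypair in memory from the locked private key.
    $sk = sodium_crypto_secretbox_open($user['locked'], $user['nonce'], pw_key($password, $user['salt']));
    if ($sk === false) throw new RuntimeException('wrong password');
    return sodium_crypto_box_keypair_from_secretkey_and_publickey($sk, $user['pub']);
}
function store_record(string $plaintext, string $ownerId, array $owner): array {
    $dataKey = sodium_crypto_secretbox_keygen(); // fresh symmetric key per record
    $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    return ['nonce' => $nonce, 'ct' => sodium_crypto_secretbox($plaintext, $nonce, $dataKey),
        'wrapped' => [$ownerId => sodium_crypto_box_seal($dataKey, $owner['pub'])]];
}
function data_key(array $record, string $userId, string $keypair): string {
    // Only a user with a wrapped copy and the matching private key gets the data key.
    $dataKey = isset($record['wrapped'][$userId])
        ? sodium_crypto_box_seal_open($record['wrapped'][$userId], $keypair) : false;
    if ($dataKey === false) throw new RuntimeException('no access to this record');
    return $dataKey;
}
function share(array $record, string $ownerId, string $ownerKeypair, string $toId, array $to): array {
    // Needs the owner's unlocked keypair, but only the recipient's public key.
    $record['wrapped'][$toId] = sodium_crypto_box_seal(data_key($record, $ownerId, $ownerKeypair), $to['pub']);
    return $record;
}
function read_record(array $record, string $userId, string $keypair): string {
    $pt = sodium_crypto_secretbox_open($record['ct'], $record['nonce'], data_key($record, $userId, $keypair));
    if ($pt === false) throw new RuntimeException('record corrupted');
    return $pt;
}
// Constructed demo: u stores a record and shares it with x.
$u = register_user('u-demo-password');
$x = register_user('x-demo-password');
$rec = store_record('constructed sample: blood pressure 120/80', 'u', $u);
$rec = share($rec, 'u', unlock($u, 'u-demo-password'), 'x', $x);
echo read_record($rec, 'x', unlock($x, 'x-demo-password')), PHP_EOL;
```

The keypair returned by `unlock()` exists only in memory while the user is logged in; a password change re-encrypts `locked` alone, and a lost password makes that user's data unrecoverable.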