I'm trying to add a hybrid encryption scheme to my PHP application, and by "hybrid" I mean that each record in the database is encrypted by its own unique symmetric key and each symmetric key is encrypted by a shared private key not stored in the database. The symmetric keys are 256 bit AES keys and the private key is a 2048 bit RSA key.
The hybrid encryption scheme works but decrypting the symmetric keys is introducing a bottleneck into the application - decrypting one key is fine, but if I need to retrieve 100 records from the database and decrypt a field in them the script execution time is becoming a real issue because of the overhead decrypting the symmetric key adds. My unscientific tests using the speed tool in OpenSSL suggest that going from a 1024 bit RSA key to a 2048 RSA key is resulting in a decryption time seven times longer on my machine.
Is there a good reason why I can't just use a shared symmetric key (stored securely) to encrypt the symmetric keys for each record? I'm not entirely clear on what the benefit of using an asymmetric key scheme is. I understand that the RSA key can't be used to encrypt large amounts of data (which is why I'm using a symmetric key to do that) but is it the case that a symmetric key shouldn't be used to protect a small amount of data i.e. a 256 bit AES key?
Thanks in advance for any help or guidance!