I have a client who needs to have KYC for users on the platform. We will have a KYC service provider validate the ID, but we do not want to store any PII (Personally identifiable information) ourselves.
It seems like we could take their ID, encrypt it (SHA256 or similar), then associate it with an auto-generated user ID number, and store it on the ETH blockchain. The platform will simply reference them with the auto-generated ID number.
Is there anything wrong with this idea or approach? Are there any recommendations to do it any other way? While the client is using ETH for their platform, I see no reason why we'd have to use ETH solely for the user ID/KYC functionality.
Obviously our concern is security, as the client would be screwed if someone figured out how to decrypt the IDs. Is this a realistic threat?
Does anyone see any problems with this plan?
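As an added illustration (not code from the question or the answer), the scheme above next to the check a reviewer would want: SHA-256 is a hash, not encryption, and an unkeyed hash of a short numeric ID is only as strong as the number of possible IDs, whereas an HMAC under a key kept off-chain cannot be tested against candidate IDs by anyone holding only the on-chain value. The 9-digit ID format, the sample ID and the key are assumptions.

```python
import hashlib
import hmac
import math
import secrets

# Constructed sample: a 9-digit numeric ID, as issued by many national ID schemes.
# It belongs to no real person.
SAMPLE_ID = "123456789"
ID_DIGITS = 9

# Constructed secret: in practice generated once and kept in an HSM/KMS off-chain.
DEMO_KEY = secrets.token_bytes(32)


def plain_sha256(id_str: str) -> str:
    """The scheme as proposed: unkeyed SHA-256 of the raw ID, stored on-chain."""
    return hashlib.sha256(id_str.encode("utf-8")).hexdigest()


def id_space_bits(digits: int) -> float:
    """Effective strength of an unkeyed hash over an all-digit ID.

    SHA-256 is never reversed; the ID space is simply enumerated, so the
    work factor is the size of that space, not 2**256.
    """
    return math.log2(10 ** digits)


def keyed_commitment(id_str: str, key: bytes) -> str:
    """HMAC-SHA256 of the ID under a secret key held off-chain.

    With only the on-chain value and no key, candidate IDs cannot be
    checked against it, so the low entropy of the ID no longer matters.
    """
    return hmac.new(key, id_str.encode("utf-8"), hashlib.sha256).hexdigest()


def verify_id(id_str: str, key: bytes, stored_hex: str) -> bool:
    """Re-derive the commitment for a presented ID and compare in constant time."""
    return hmac.compare_digest(keyed_commitment(id_str, key), stored_hex)


if __name__ == "__main__":
    print("unkeyed hash work factor ~ 2^%.1f" % id_space_bits(ID_DIGITS))
    onchain = keyed_commitment(SAMPLE_ID, DEMO_KEY)
    print("on-chain value:", onchain)
    print("verify correct ID:", verify_id(SAMPLE_ID, DEMO_KEY, onchain))
    print("verify wrong ID:  ", verify_id("123456788", DEMO_KEY, onchain))
```

Losing the key makes every stored commitment unverifiable, so key custody and rotation need the same attention as the on-chain contract.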
You should be able to handle this process and store the information on the ETH blockchain.
I would suggest speaking with a Solidity developer. They will give you the specifics about programming the system.
A database can be in various forms; there should be no restriction with the Ethereum platform.
https://solidity.readthedocs.io/en/develop/