End-to-end encryption for some panel fields

I just had an idea for a plugin, but I’m submitting it here to evaluate how doable such a thing would be, and whether I would be the only user.

I’m currently building a portfolio site for my brother, on which there is a small shop. To make it easier for him, pending orders are listed in the panel (and obviously not displayed anywhere else on the site).
However, I would like the personal info (address, name, phone number) of customers to be as protected as possible in case of data loss/leak.

One solution is to encrypt the disk of the server on which the site is running. That’s doable, but one needs a full dedicated private server to do so (even if virtual), and also has to be quite technically-minded to know how to set this up.

Another one, which I find quite interesting, is to do some kind of end-to-end encryption, à la Protonmail, i.e. a key pair is generated client-side upon user creation, the public key is stored as-is, but the private key is encrypted using the user’s password and some extra stuff. Now for this to work, the server should not have access, at any point, to the user’s password (in a threat model in which the server can be compromised).

I don’t know how Kirby handles user passwords yet, but I’m willing to bet they do receive them in plaintext when users log in, so this would have to change. Every field could receive an encrypt: true parameter in the blueprint, but I don’t know how easy it is to extend every single field.

Anyways, feel free to say if you think this is a terrible idea. I’ll see later if I have time to investigate further.

That’s a nice idea!

Kirby of course stores passwords in a hashed form (bcrypt at the moment), but user login sends the plain text password to the server to verify it against the hash. To make it work without that, we would need to hash the password in two layers so that the client would be able to do the first round of hashing already before sending the password over. That’s however quite complex as we would need to store the salt for the inner round of hashing and communicate that to the client etc.

If you know a solid and expert-approved algorithm to implement this, please let me know.
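
The two ideas in this thread (a client-side first round of hashing, and a private key wrapped with a password-derived key) can be sketched together; this is an added example, not part of the original posts and not Kirby code. It assumes Node's built-in crypto module, uses scrypt in place of bcrypt for both rounds, and the HKDF split into a login token and a wrapping key is a design choice of this sketch; all function names are hypothetical.

```javascript
// Added example: function names and parameters are illustrative, not Kirby's API.
const crypto = require('node:crypto');

// Client: inner round. The password is stretched locally with the per-user
// salt the server hands out, then split into two independent keys.
function clientDerive(password, clientSalt) {
  const master = crypto.scryptSync(password, clientSalt, 32);
  const sub = (label) =>
    Buffer.from(crypto.hkdfSync('sha256', master, Buffer.alloc(0), label, 32));
  return { authToken: sub('login'), wrapKey: sub('wrap-private-key') };
}

// Server: outer round. Only authToken arrives and it is hashed again for storage.
function serverRegister(authToken) {
  const serverSalt = crypto.randomBytes(16);
  return { serverSalt, verifier: crypto.scryptSync(authToken, serverSalt, 32) };
}
function serverVerify(record, authToken) {
  const candidate = crypto.scryptSync(authToken, record.serverSalt, 32);
  return crypto.timingSafeEqual(candidate, record.verifier);
}

// Client: the private key is stored on the server only in wrapped form.
function wrapPrivateKey(wrapKey, pem) {
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', wrapKey, iv);
  const ct = Buffer.concat([c.update(pem, 'utf8'), c.final()]);
  return { iv, ct, tag: c.getAuthTag() };
}
function unwrapPrivateKey(wrapKey, { iv, ct, tag }) {
  const d = crypto.createDecipheriv('aes-256-gcm', wrapKey, iv);
  d.setAuthTag(tag); // a wrong wrapKey makes final() throw
  return Buffer.concat([d.update(ct), d.final()]).toString('utf8');
}

// Constructed walk-through: register, store an encrypted field, log in, read it.
function demo(password, loginPassword) {
  const clientSalt = crypto.randomBytes(16); // stored per user, sent before login
  const reg = clientDerive(password, clientSalt);
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const pkcs8 = privateKey.export({ type: 'pkcs8', format: 'pem' });
  const record = serverRegister(reg.authToken);
  const wrapped = wrapPrivateKey(reg.wrapKey, pkcs8);
  const field = crypto.publicEncrypt(publicKey, Buffer.from('12 Example Street'));
  const login = clientDerive(loginPassword, clientSalt);
  if (!serverVerify(record, login.authToken)) return null;
  const unwrapped = unwrapPrivateKey(login.wrapKey, wrapped);
  return crypto.privateDecrypt(unwrapped, field).toString('utf8');
}
```

The server only ever holds `clientSalt`, `serverSalt`, `verifier`, the public key and the wrapped private key, so a database leak exposes none of the field plaintext without the user's password.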