  1. #1
    ashattuc (SitePoint Evangelist)

    Best way to store encryption keys

    Hey folks,

    So what's the best way to store encryption keys on a shared host (using PHP)? I'm using the keys to encrypt sensitive data from forms and save them into a database.

    Thanks!
    Chris
    Chris S.

    Free Web Scripts - Form generators, AJAX tools and more!
    Micro CMS - A totally free AJAX-based, SEO-ed CMS!

  2. #2
    SitePoint Addict
    Keep them in files in a directory outside of the public_html folder and chmod to read/write for you, nothing for anybody else.
    If you give someone a program,
    you will frustrate them for a day;
    if you teach them how to program,
    you will frustrate them for a lifetime.

  3. #3
    ashattuc (SitePoint Evangelist)
    I've read that one should use a new encryption key for each data set, which means each time I store a value, the script needs to create a new encryption key. Is this how most folks do it, or is it okay to have one set of keys to use for all data?

    Thanks,
    Chris

  4. #4
    SitePoint Addict
    I've never used more than 1 key per site, but I've also never been storing very personal information. Credit card numbers, social security numbers, etc., should be treated with the utmost security (and shouldn't be saved at all, if possible!)
    It depends on what you will be storing.
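    As an added example (this is not code from the thread), here is a PHP script that follows the advice in posts #2 and #4: it reads a raw 32-byte master key from a file outside public_html, refuses to run unless that file is owner-only (the chmod above), and encrypts with AES-256-GCM through the openssl extension. It also handles the one-key-versus-many question from post #3 the way envelope encryption does: every stored value gets its own random data key, and only that data key is wrapped with the master key, so there is still exactly one file to protect. The key path, the column names and the demo values are constructed for illustration.

```php
<?php
// Added example, not from the thread. Master key lives outside the web root
// and is read at request time; each record gets a fresh data key (envelope).
declare(strict_types=1);

const KEY_FILE = '/home/chris/private/master.key'; // hypothetical path, outside public_html

function loadMasterKey(string $path = KEY_FILE): string
{
    // fileperms() includes file-type bits; mask to the group/other permission bits.
    $perms = @fileperms($path);
    if ($perms === false || ($perms & 0077) !== 0) {
        throw new RuntimeException("$path must exist and be readable by the owner only (chmod 600)");
    }
    $raw = file_get_contents($path);
    if ($raw === false || strlen($raw) !== 32) {
        throw new RuntimeException('expected exactly 32 raw bytes of key material');
    }
    return $raw;
}

// AES-256-GCM with a random 96-bit nonce; blob layout is nonce || tag || ciphertext.
function aeadEncrypt(string $key, string $plaintext): string
{
    $nonce = random_bytes(12);
    $tag = '';
    $ct = openssl_encrypt($plaintext, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $nonce, $tag);
    if ($ct === false) {
        throw new RuntimeException('encryption failed: ' . openssl_error_string());
    }
    return $nonce . $tag . $ct;
}

function aeadDecrypt(string $key, string $blob): string
{
    if (strlen($blob) < 28) {
        throw new RuntimeException('blob too short');
    }
    $nonce = substr($blob, 0, 12);
    $tag   = substr($blob, 12, 16);
    $ct    = substr($blob, 28);
    $pt = openssl_decrypt($ct, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $nonce, $tag);
    if ($pt === false) {
        // GCM tag mismatch: wrong key or the stored blob was altered.
        throw new RuntimeException('decryption failed (wrong key or tampered data)');
    }
    return $pt;
}

// Envelope encryption: one random data key per record, wrapped by the master key.
// Both columns are stored next to each other in the database row.
function encryptRecord(string $masterKey, string $fieldValue): array
{
    $dataKey = random_bytes(32);
    return [
        'wrapped_key' => base64_encode(aeadEncrypt($masterKey, $dataKey)),
        'ciphertext'  => base64_encode(aeadEncrypt($dataKey, $fieldValue)),
    ];
}

function decryptRecord(string $masterKey, array $row): string
{
    $dataKey = aeadDecrypt($masterKey, base64_decode($row['wrapped_key'], true));
    return aeadDecrypt($dataKey, base64_decode($row['ciphertext'], true));
}

// Demo. In the real form handler this would be `$master = loadMasterKey();`;
// a random in-memory key is used here so the script runs without the file.
$master = random_bytes(32);
$row = encryptRecord($master, 'constructed sample: 555-01-2345');
if (decryptRecord($master, $row) !== 'constructed sample: 555-01-2345') {
    throw new RuntimeException('round trip failed');
}
echo "round trip ok\n";
```

    Because the per-record data key is what actually encrypts the field, a later master-key rotation only needs to re-wrap the small wrapped_key column rather than re-encrypting every value, and a leaked single data key exposes one row, not the table.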

  5. #5
    bokehman
    Use GPG/PGP. The public key is stored on the server and used to encrypt the data; the private key is stored in a secure location (not on the server) and used to read the data.

  6. #6
    ashattuc (SitePoint Evangelist)
    Bokehman - I'll have to look into the GPG / PGP idea, that sounds about right in terms of keeping it the most secure.

  7. #7
    ashattuc (SitePoint Evangelist)
    Bokehman, that looks like what I want. I've installed GnuPG and have successfully sent myself an encrypted e-mail via Thunderbird.

    My next question is how you can send PGP (I'm using GnuPG) via a PHP script. Do you have any tips on that?

    Thanks!
    Chris
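    As an added example (not from the thread), one way to do the encryption from PHP with the gpg binary itself: the script pipes the form value into gpg, which reads the recipient's public key from a keyring directory owned by the web user, and returns ASCII-armoured output that can go into a TEXT column or an e-mail body. It assumes PHP 7.4 or later (proc_open() accepts the command as an array, so no shell quoting is involved), gpg on the PATH, and that the public key was already imported into the hypothetical keyring path shown; the recipient address and sample text are constructed.

```php
<?php
// Added example, not from the thread: encrypt a string with the gpg
// command-line tool from PHP. The keyring under $homedir holds ONLY the
// recipient's public key; the private key never touches this server.
declare(strict_types=1);

function gpgEncrypt(string $plaintext, string $recipient, string $homedir): string
{
    // Array form (PHP >= 7.4): arguments go straight to gpg, no shell involved.
    $cmd = [
        'gpg', '--batch', '--yes', '--quiet',
        '--homedir', $homedir,
        '--trust-model', 'always', // key was imported deliberately by the admin; skip web-of-trust checks
        '--armor',
        '--recipient', $recipient,
        '--encrypt',               // no input file given, so gpg reads stdin and writes stdout
    ];
    $spec = [
        0 => ['pipe', 'r'], // stdin
        1 => ['pipe', 'w'], // stdout
        2 => ['pipe', 'w'], // stderr
    ];
    $proc = proc_open($cmd, $spec, $pipes);
    if (!is_resource($proc)) {
        throw new RuntimeException('could not start gpg');
    }
    fwrite($pipes[0], $plaintext);
    fclose($pipes[0]);
    $armored = (string) stream_get_contents($pipes[1]);
    $stderr  = (string) stream_get_contents($pipes[2]);
    fclose($pipes[1]);
    fclose($pipes[2]);
    $status = proc_close($proc);

    // Treat anything other than a clean exit with a PGP message as a failure,
    // so a misconfigured keyring never results in plaintext being stored.
    if ($status !== 0 || strpos($armored, '-----BEGIN PGP MESSAGE-----') !== 0) {
        throw new RuntimeException("gpg exited with status $status: " . trim($stderr));
    }
    return $armored;
}

// Usage from a form handler. Constructed values; the public key must already be
// imported, e.g. `gpg --homedir /home/chris/gnupg-public --import chris-public.asc`.
$armored = gpgEncrypt(
    $_POST['ssn'] ?? 'constructed sample value',
    'chris@example.com',        // recipient: e-mail address or key ID (hypothetical)
    '/home/chris/gnupg-public'  // hypothetical keyring directory, outside public_html
);
// $armored now holds the ASCII-armoured ciphertext, ready for a TEXT column or an e-mail body.
echo $armored;
```

    Keeping the keyring in a dedicated --homedir rather than the web user's default ~/.gnupg means the directory can be created read-only for the web user once the key is imported, which removes the usual failure where gpg tries to write trustdb updates at request time.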

  8. #8
    SitePoint Member (Adelaide)
    Originally posted by bokehman:
        Use GPG/PGP. The public key is stored on the server and used to encrypt the data; the private key is stored in a secure location (not on the server) and used to read the data.
    This is correct for the most secure method. Then, whenever you need to decrypt the data, prompt the user for the private key (via upload form or a text area) and perform the decrypt operation, but never store the private key on disk.

    You can accomplish this with openssl_public_encrypt() and openssl_private_decrypt().
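    An added example, not from the thread, of the openssl route suggested above. The web-facing code holds only the public key; the passphrase-protected private key is handed in at decrypt time (from $_POST or an uploaded file, for instance) and exists only in memory for that request. Because openssl_public_encrypt() can only encrypt a message shorter than the RSA modulus, the data itself is encrypted with AES-256-GCM under a random key and only that key is RSA-OAEP wrapped. Key generation is included so the script runs on its own; in practice the pair is generated off the server. The passphrase and sample values are constructed. Note that this produces raw OpenSSL ciphertext, not an OpenPGP message, so it cannot be opened with gpg.

```php
<?php
// Added example, not from the thread: hybrid RSA-OAEP + AES-256-GCM with PHP's
// openssl extension. Server stores the public key only; the private key is
// supplied per request and never written to disk.
declare(strict_types=1);

function generateKeyPair(string $passphrase): array
{
    $res = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
    if ($res === false) {
        throw new RuntimeException('key generation failed: ' . openssl_error_string());
    }
    // Private key PEM is itself encrypted under the passphrase.
    if (!openssl_pkey_export($res, $privPem, $passphrase, ['encrypt_key_cipher' => OPENSSL_CIPHER_AES_256_CBC])) {
        throw new RuntimeException('private key export failed');
    }
    $pubPem = openssl_pkey_get_details($res)['key'];
    return [$pubPem, $privPem];
}

// Called by the form handler. Blob layout: 2-byte length || wrapped data key || nonce || tag || ciphertext.
function encryptForPublicKey(string $pubPem, string $plaintext): string
{
    $pub = openssl_pkey_get_public($pubPem);
    if ($pub === false) {
        throw new RuntimeException('invalid public key');
    }
    $dataKey = random_bytes(32);
    if (!openssl_public_encrypt($dataKey, $wrappedKey, $pub, OPENSSL_PKCS1_OAEP_PADDING)) {
        throw new RuntimeException('RSA wrap failed: ' . openssl_error_string());
    }
    $nonce = random_bytes(12);
    $tag = '';
    $ct = openssl_encrypt($plaintext, 'aes-256-gcm', $dataKey, OPENSSL_RAW_DATA, $nonce, $tag);
    if ($ct === false) {
        throw new RuntimeException('AES-GCM encryption failed');
    }
    return pack('n', strlen($wrappedKey)) . $wrappedKey . $nonce . $tag . $ct;
}

// Called by the operator's decrypt page; $privPem and $passphrase come from the request.
function decryptWithPrivateKey(string $privPem, string $passphrase, string $blob): string
{
    $priv = openssl_pkey_get_private($privPem, $passphrase);
    if ($priv === false) {
        throw new RuntimeException('wrong passphrase or invalid private key');
    }
    $len        = unpack('n', substr($blob, 0, 2))[1];
    $wrappedKey = substr($blob, 2, $len);
    $nonce      = substr($blob, 2 + $len, 12);
    $tag        = substr($blob, 14 + $len, 16);
    $ct         = substr($blob, 30 + $len);
    if (!openssl_private_decrypt($wrappedKey, $dataKey, $priv, OPENSSL_PKCS1_OAEP_PADDING)) {
        throw new RuntimeException('RSA unwrap failed: ' . openssl_error_string());
    }
    $pt = openssl_decrypt($ct, 'aes-256-gcm', $dataKey, OPENSSL_RAW_DATA, $nonce, $tag);
    if ($pt === false) {
        throw new RuntimeException('AES-GCM decryption failed (tampered data)');
    }
    return $pt;
}

// Demo: encrypt as the web form handler would (public key only), then decrypt as
// the operator would, supplying the private key. Passphrase and text are constructed.
$passphrase = 'constructed-demo-passphrase';
[$pubPem, $privPem] = generateKeyPair($passphrase);
$blob = encryptForPublicKey($pubPem, 'constructed sample: cardholder Chris S.');
if (decryptWithPrivateKey($privPem, $passphrase, $blob) !== 'constructed sample: cardholder Chris S.') {
    throw new RuntimeException('round trip failed');
}
echo "round trip ok\n";
```

    On the decrypt page the PEM would be read from $_FILES or a text area and passed straight to decryptWithPrivateKey(); nothing writes it to a temporary file, and the request's memory is released when the script ends. The first two bytes carry the wrapped-key length so the same blob format works for any RSA modulus size.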

  9. #9
    ashattuc (SitePoint Evangelist)
    How are the openssl functions different from using the OpenPGP protocol?