SitePoint Sponsor

User Tag List

Results 1 to 2 of 2
  1. #1
    Forum Mathematics Geek Agent Dwarf's Avatar
    Join Date
    Aug 2002
    Location
    Commonwealth of Pennsylvania
    Posts
    232
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Storing encryption keys?

    Hello everyone,

    I have a problem that I need help with.

    The problem is that the server that I am hosted on is insecure - it's not under our control. We need to store sensitive data in the database.

    Naturally, since we have installed libmcrypt, I thought of encrypting.

    Then, a problem occured.

    The system basically works this way - an administrator uploads sensitive data. Then, users come and read that sensitive data.

    Since this needs to be automated, the administrator can't send out the key to unlocking it so the users can read it. This would be insecure, too.

    So, I would need to store the encryption key on my server, or use a common key. The problem with that, is if the web host wants to snoop around, they still can, it would just take them a little longer to find it.

    Is there any way I can solve this problem with PHP? Besides, "get a secure host".

  2. #2
    SitePoint Guru okrogius's Avatar
    Join Date
    Mar 2002
    Location
    US
    Posts
    622
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Well you can have your script generate a random encryption key each time and email it to the right parties.


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •