Results 1 to 2 of 2
Thread: Storing encryption keys?
Aug 17, 2002, 22:33 #1
- Join Date
- Aug 2002
- Commonwealth of Pennsylvania
- 0 Post(s)
- 0 Thread(s)
Storing encryption keys?
I have a problem that I need help with.
The problem is that the server that I am hosted on is insecure - it's not under our control. We need to store sensitive data in the database.
Naturally, since we have installed libmcrypt, I thought of encrypting.
Then, a problem occured.
The system basically works this way - an administrator uploads sensitive data. Then, users come and read that sensitive data.
Since this needs to be automated, the administrator can't send out the key to unlocking it so the users can read it. This would be insecure, too.
So, I would need to store the encryption key on my server, or use a common key. The problem with that, is if the web host wants to snoop around, they still can, it would just take them a little longer to find it.
Is there any way I can solve this problem with PHP? Besides, "get a secure host".
Aug 18, 2002, 14:00 #2
Well you can have your script generate a random encryption key each time and email it to the right parties.