Asymmetric Encryption in PHP?

Is there a way to do asymmetric encryption purely in PHP?

Not for e-mail...could care less. But for credit card number processing, if
the bookkeeper could have a password she typed in every time she ran a batch
to unencrypt credit card numbers AND that number was not stored anywhere on
the webserver, several clients would be much less worried :>)

This is implying of course the numbers are encrypted on the server when they
are initially inserted into the database using a key on the server a hacker
could find with enough looking.

tia,
John
in Houston

Tex John <john@logontexas.com> wrote:[color=blue]
> Is there a way to do asymmetric encryption purely in PHP?[/color]

Define purely PHP.

Is http://nl3.php.net/openssl pure enough? Or somehting like
http://www.edsko.net/phpsource.php?f...ojects/rsa.php ?

Well, I'll loosen that up and say "not require a recompile of php or apache"
to get gpg or pgp to work and "not use an exec or system call"

John


Daniel Tryba" <partmapsswen@invalid.tryba.nl> wrote in message
news:4241e0eb$0$152$c5fe704e@news6.xs4all.nl...[color=blue]
> Tex John <john@logontexas.com> wrote:[color=green]
> > Is there a way to do asymmetric encryption purely in PHP?[/color]
>
> Define purely PHP.
>
> Is http://nl3.php.net/openssl pure enough? Or somehting like
> http://www.edsko.net/phpsource.php?f...ojects/rsa.php ?
>[/color]

Tex John <john@logontexas.com> wrote:

Please don't TOFU
[color=blue]
> Well, I'll loosen that up and say "not require a recompile of php or apache"
> to get gpg or pgp to work and "not use an exec or system call"[/color]

Then what is you php/apache config?

1) I don't eat tofu so explain and I'll leave it out of my posts, too

2) I work for clients that have various configs. Almost all at least lease
their own boxes, but only one has the box actually at his location. So it
varies...and getting recompiles done can be problematic.

John


"Daniel Tryba" <partmapsswen@invalid.tryba.nl> wrote in message
news:4241ed82$0$153$c5fe704e@news6.xs4all.nl...[color=blue]
> Tex John <john@logontexas.com> wrote:
>
> Please don't TOFU
>[color=green]
> > Well, I'll loosen that up and say "not require a recompile of php or[/color][/color]
apache"[color=blue][color=green]
> > to get gpg or pgp to work and "not use an exec or system call"[/color]
>
> Then what is you php/apache config?
>[/color]

In article <VDm0e.37510$8D.25602@tornado.texas.rr.com>,
"Tex John" <john@logontexas.com> wrote:
[color=blue]
> 1) I don't eat tofu so explain and I'll leave it out of my posts, too
>
> 2) I work for clients that have various configs. Almost all at least lease
> their own boxes, but only one has the box actually at his location. So it
> varies...and getting recompiles done can be problematic.
>
> John
>
>
> "Daniel Tryba" <partmapsswen@invalid.tryba.nl> wrote in message
> news:4241ed82$0$153$c5fe704e@news6.xs4all.nl...[color=green]
> > Tex John <john@logontexas.com> wrote:
> >
> > Please don't TOFU
> >[color=darkred]
> > > Well, I'll loosen that up and say "not require a recompile of php or[/color][/color]
> apache"[color=green][color=darkred]
> > > to get gpg or pgp to work and "not use an exec or system call"[/color]
> >
> > Then what is you php/apache config?
> >[/color][/color]

TOFU == "Text Over Full Quote Under" i.e. "Don't top post":

Why Top Posting is bad:

http://mailformat.dan.info/quoting/top-posting.html

Primer on Usenet posting customs in news groups
http://members.fortunecity.com/nnqweb/nquote.html

Bottom vs. top posting and quotation style on Usenet
http://www.cs.tut.fi/~jkorpela/usenet/brox.html

Why bottom-posting is better than top-posting
http://www.caliburn.nl/topposting.html

+What do you mean "my reply is upside-down"?
http://www.i-hate-computers.demon.co.uk/

The advantages of usenet's quoting conventions
http://homepage.ntlworld.com/g.mccau...ks/uquote.html

Why should I place my response below the quoted text?
http://allmyfaqs.com/cgi-bin/wiki.pl...bottom-posting

Quoting Style in Newsgroup Postings
http://www.xs4all.nl/%7ewijnands/nnq/nquote.html

[now back to your question]

You could "roll your own" simple encryption? It's easy enough to
something like XOR'ing the consecutive bytes (repeated as needed to pad)
of the password string with the clear text. Store the MD5 checksum of
the password for comparing for validity before decrypting. It's a
two-way algorithm. No need to recompile anything and can be ported.

Or if coding isn't in your skill set, try the various php libraries
around. http://www.phpclasses.org comes to mind. They have a bunch of
stuff.

--
DeeDee, don't press that button! DeeDee! NO! Dee...

"Tex John" <john@logontexas.com> wrote in message
news:3Tk0e.37488$8D.27737@tornado.texas.rr.com...[color=blue]
> Is there a way to do asymmetric encryption purely in PHP?
>
> Not for e-mail...could care less. But for credit card number processing,[/color]
if[color=blue]
> the bookkeeper could have a password she typed in every time she ran a[/color]
batch[color=blue]
> to unencrypt credit card numbers AND that number was not stored anywhere[/color]
on[color=blue]
> the webserver, several clients would be much less worried :>)
>
> This is implying of course the numbers are encrypted on the server when[/color]
they[color=blue]
> are initially inserted into the database using a key on the server a[/color]
hacker[color=blue]
> could find with enough looking.
>
> tia,
> John
> in Houston[/color]

Don't know if anyone has ported RSA to pure PHP. I remember there was a guy
(insane?) who implemented RSA in Javascript. Since Javascript doesn't do
anything that PHP can't, you should have no problem porting it.