473,238 Members | 1,745 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,238 software developers and data experts.

Asymmetric Encryption in PHP?

Is there a way to do asymmetric encryption purely in PHP?

Not for e-mail...could care less. But for credit card number processing, if
the bookkeeper could have a password she typed in every time she ran a batch
to unencrypt credit card numbers AND that number was not stored anywhere on
the webserver, several clients would be much less worried :>)

This is implying of course the numbers are encrypted on the server when they
are initially inserted into the database using a key on the server a hacker
could find with enough looking.

tia,
John
in Houston
Jul 17 '05 #1
6 4560
Tex John <jo**@logontexas.com> wrote:
Is there a way to do asymmetric encryption purely in PHP?


Define purely PHP.

Is http://nl3.php.net/openssl pure enough? Or somehting like
http://www.edsko.net/phpsource.php?f...ojects/rsa.php ?

Jul 17 '05 #2
Well, I'll loosen that up and say "not require a recompile of php or apache"
to get gpg or pgp to work and "not use an exec or system call"

John
Daniel Tryba" <pa**********@invalid.tryba.nl> wrote in message
news:42*********************@news6.xs4all.nl...
Tex John <jo**@logontexas.com> wrote:
Is there a way to do asymmetric encryption purely in PHP?


Define purely PHP.

Is http://nl3.php.net/openssl pure enough? Or somehting like
http://www.edsko.net/phpsource.php?f...ojects/rsa.php ?

Jul 17 '05 #3
Tex John <jo**@logontexas.com> wrote:

Please don't TOFU
Well, I'll loosen that up and say "not require a recompile of php or apache"
to get gpg or pgp to work and "not use an exec or system call"


Then what is you php/apache config?

Jul 17 '05 #4
1) I don't eat tofu so explain and I'll leave it out of my posts, too

2) I work for clients that have various configs. Almost all at least lease
their own boxes, but only one has the box actually at his location. So it
varies...and getting recompiles done can be problematic.

John
"Daniel Tryba" <pa**********@invalid.tryba.nl> wrote in message
news:42*********************@news6.xs4all.nl...
Tex John <jo**@logontexas.com> wrote:

Please don't TOFU
Well, I'll loosen that up and say "not require a recompile of php or apache" to get gpg or pgp to work and "not use an exec or system call"


Then what is you php/apache config?

Jul 17 '05 #5
In article <VD******************@tornado.texas.rr.com>,
"Tex John" <jo**@logontexas.com> wrote:
1) I don't eat tofu so explain and I'll leave it out of my posts, too

2) I work for clients that have various configs. Almost all at least lease
their own boxes, but only one has the box actually at his location. So it
varies...and getting recompiles done can be problematic.

John
"Daniel Tryba" <pa**********@invalid.tryba.nl> wrote in message
news:42*********************@news6.xs4all.nl...
Tex John <jo**@logontexas.com> wrote:

Please don't TOFU
Well, I'll loosen that up and say "not require a recompile of php or apache" to get gpg or pgp to work and "not use an exec or system call"


Then what is you php/apache config?


TOFU == "Text Over Full Quote Under" i.e. "Don't top post":

Why Top Posting is bad:

http://mailformat.dan.info/quoting/top-posting.html

Primer on Usenet posting customs in news groups
http://members.fortunecity.com/nnqweb/nquote.html

Bottom vs. top posting and quotation style on Usenet
http://www.cs.tut.fi/~jkorpela/usenet/brox.html

Why bottom-posting is better than top-posting
http://www.caliburn.nl/topposting.html

+What do you mean "my reply is upside-down"?
http://www.i-hate-computers.demon.co.uk/

The advantages of usenet's quoting conventions
http://homepage.ntlworld.com/g.mccau...ks/uquote.html

Why should I place my response below the quoted text?
http://allmyfaqs.com/cgi-bin/wiki.pl...bottom-posting

Quoting Style in Newsgroup Postings
http://www.xs4all.nl/%7ewijnands/nnq/nquote.html

[now back to your question]

You could "roll your own" simple encryption? It's easy enough to
something like XOR'ing the consecutive bytes (repeated as needed to pad)
of the password string with the clear text. Store the MD5 checksum of
the password for comparing for validity before decrypting. It's a
two-way algorithm. No need to recompile anything and can be ported.

Or if coding isn't in your skill set, try the various php libraries
around. http://www.phpclasses.org comes to mind. They have a bunch of
stuff.

--
DeeDee, don't press that button! DeeDee! NO! Dee...

Jul 17 '05 #6
"Tex John" <jo**@logontexas.com> wrote in message
news:3T******************@tornado.texas.rr.com...
Is there a way to do asymmetric encryption purely in PHP?

Not for e-mail...could care less. But for credit card number processing, if the bookkeeper could have a password she typed in every time she ran a batch to unencrypt credit card numbers AND that number was not stored anywhere on the webserver, several clients would be much less worried :>)

This is implying of course the numbers are encrypted on the server when they are initially inserted into the database using a key on the server a hacker could find with enough looking.

tia,
John
in Houston


Don't know if anyone has ported RSA to pure PHP. I remember there was a guy
(insane?) who implemented RSA in Javascript. Since Javascript doesn't do
anything that PHP can't, you should have no problem porting it.
Jul 17 '05 #7

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

0
by: Arpan | last post by:
How to decrypt a message using Asymmetric Algorithm (RSA Crypto Service provider) using .Net. I have successfully sent an encrypted message using recepient's public key but dont know how to...
13
by: Andy Chau | last post by:
I try to use RSA to implement the following scheme but wasn't sucessful. Sever encrypt a message using a public key, the client decrpyt the message using a private key. I don't want the client...
2
by: Paul Fi | last post by:
I have this encryption scheme that I want to implement: I have an authentication server, which takes clients' credentials to complete authentication but first I have to encrypt the credentials, I...
1
by: Bart | last post by:
Dear all, I would like to encrypt a large amount of data by using public/private keys, but I read on MSDN: "Symmetric encryption is performed on streams and is therefore useful to encrypt large...
0
by: ddnash | last post by:
We are installing an application that requires access to the ms-sql-m protocol (UDP/1434) as well as the data port (TCP/1433). The SQL Server we are using is part of an N+1 cluster. The issue is...
4
by: pintu | last post by:
Hello everybody.. I hav some confusion regarding asymmetric encryption.As asymmetric encryption it there is one private key and one public key.So any data is encrypted using private key and the...
3
by: dfa_geko | last post by:
Hi All, I had a question about encrypting and decrypting XML files using asymmetric keys. I copied some sample code from MSDN, here are the samples: ...
3
by: Bruce | last post by:
How can I encrypt strings using an asymmetric key? I want to encrypt short strings (credit card numbers, etc.) and save the encrypted strings into a database. When accessing the data (i.e. the...
0
by: steven acer | last post by:
Hi, i'm trying to use the .NET cryptography API to encrypt XML data and move XML files between computers. i'm using asymmetric keys to encrypt the xml tag data with the receiver's public key, then...
3
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 3 Jan 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). For other local times, please check World Time Buddy In...
0
by: jianzs | last post by:
Introduction Cloud-native applications are conventionally identified as those designed and nurtured on cloud infrastructure. Such applications, rooted in cloud technologies, skillfully benefit from...
0
by: abbasky | last post by:
### Vandf component communication method one: data sharing ​ Vandf components can achieve data exchange through data sharing, state sharing, events, and other methods. Vandf's data exchange method...
0
by: fareedcanada | last post by:
Hello I am trying to split number on their count. suppose i have 121314151617 (12cnt) then number should be split like 12,13,14,15,16,17 and if 11314151617 (11cnt) then should be split like...
0
by: stefan129 | last post by:
Hey forum members, I'm exploring options for SSL certificates for multiple domains. Has anyone had experience with multi-domain SSL certificates? Any recommendations on reliable providers or specific...
0
Git
by: egorbl4 | last post by:
Скачал я git, хотел начать настройку, а там вылезло вот это Что это? Что мне с этим делать? ...
1
by: davi5007 | last post by:
Hi, Basically, I am trying to automate a field named TraceabilityNo into a web page from an access form. I've got the serial held in the variable strSearchString. How can I get this into the...
0
by: DolphinDB | last post by:
The formulas of 101 quantitative trading alphas used by WorldQuant were presented in the paper 101 Formulaic Alphas. However, some formulas are complex, leading to challenges in calculation. Take...
0
by: Aftab Ahmad | last post by:
Hello Experts! I have written a code in MS Access for a cmd called "WhatsApp Message" to open WhatsApp using that very code but the problem is that it gives a popup message everytime I clicked on...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.