Best encryption technique

Another question - how should the encryption/decryption key be shared
between the two programs?
Is it secure enough if the .php script contains a single static key on
both the ends - or is there a better way to share the key?
May want to place the key in a separate file. After all, it's data, not
code, and tgus makes it easier to change the key as required.

Also, I'm very much hoping you have an asymmetric cipher in mind here
(public-key cryptography). You might as well not bother with encryption
at all if you will be leaving the decryption key on the server.

I'd go for AES-128 for bulk encrypting each file with a random key, and
RSA-2048 for encrypting the symmetric keys.
Never used mcrypt, or done crypto at all using php, but any decent suite
should support those ciphers.
Your whole approach sounds a tad awkward, though. Why store credit card
info on a web server in the first place, especially if it's ment to end
up somewhere else..? You know best, though. Best of luck.

Thanks,
Harold

Also, I'm very much hoping you have an asymmetric cipher in mind here (public-key cryptography). You might as well not bother with encryption at all if you will be leaving the decryption key on the server.
That's my worry as well !
Can you briefly describe how the public-key approach should work,
especially if a random key is used as you suggested.

The entire approach is supposed to be asynchronous and the two
applications (the one that dumps the files, and the other that reads
them) are not "aware" of each other.
I'd go for AES-128 for bulk encrypting each file with a random key, and RSA-2048 for encrypting the symmetric keys.
How about using 3DES (triple DES) - it is supported by mcrypt.
It is 192-bit encryption.
Is that any good?

Can you explain what you meant by symmetric keys and asymmetric keys?
Your whole approach sounds a tad awkward, though. Why store credit card info on a web server in the first place, especially if it's ment to end up somewhere else..?

Frank,

Frank wrote:

Also, I'm very much hoping you have an asymmetric cipher
in mind here (public-key cryptography). You might as well
not bother with encryption at all if you will be leaving
the decryption key on the server.

That's my worry as well !
Can you briefly describe how the public-key approach should work,
especially if a random key is used as you suggested. *copy & paste* Can you explain what you meant by symmetric keys and asymmetric keys?

Asymmetric ciphers work with two keys, one for encryption and a
different one for decryption. You'll obviously only be storing the
encryption key on your web server.

Problem is, public-key algorithms aren't very efficient, so you use a
different algorithm for encrypting the content, then encrypt that key
using public-key crypto and store it along with the encrypted data somehow.
I'd go for AES-128 for bulk encrypting each file with a random key,
and RSA-2048 for encrypting the symmetric keys.

How about using 3DES (triple DES) - it is supported by mcrypt.
It is 192-bit encryption.
Is that any good?

Greetings,

I have a requirement of storing some .xml files on a web server.
The files will contain financial information like credit card numbers,
so I would like to encrypt them.