Best encryption technique

Greetings,

I have a requirement of storing some .xml files on a web server.
The files will contain financial information like credit card numbers,
so I would like to encrypt them.

The files will stay there until another program downloads them and
deletes the files.

My question is - which of the functions in the mcrypt library provide
the best encryption for files?
The files will be relatively small - between 2KB - 30KB.

I would like the strongest possible encryption because some pretty good
hackers may attempt to get at these files if someone figures out that
there are credit card numbers out there.

Another question - how should the encryption/decryption key be shared
between the two programs?
Is it secure enough if the .php script contains a single static key on
both the ends - or is there a better way to share the key?

Thanks,
Harold

Jul 17 '05 #1
Harold Crump wrote:
> Another question - how should the encryption/decryption key be shared
> between the two programs?
> Is it secure enough if the .php script contains a single static key on
> both the ends - or is there a better way to share the key?

May want to place the key in a separate file. After all, it's data, not
code, and thus makes it easier to change the key as required.

Also, I'm very much hoping you have an asymmetric cipher in mind here
(public-key cryptography). You might as well not bother with encryption
at all if you will be leaving the decryption key on the server.

I'd go for AES-128 for bulk encrypting each file with a random key, and
RSA-2048 for encrypting the symmetric keys.
Never used mcrypt, or done crypto at all using php, but any decent suite
should support those ciphers.
Your whole approach sounds a tad awkward, though. Why store credit card
info on a web server in the first place, especially if it's meant to end
up somewhere else..? You know best, though. Best of luck.

Thanks,
Harold

Jul 17 '05 #2
Frank,

Frank wrote:
> Also, I'm very much hoping you have an asymmetric cipher in mind here (public-key cryptography). You might as well not bother with encryption at all if you will be leaving the decryption key on the server.

That's my worry as well !
Can you briefly describe how the public-key approach should work,
especially if a random key is used as you suggested.

The entire approach is supposed to be asynchronous and the two
applications (the one that dumps the files, and the other that reads
them) are not "aware" of each other.

> I'd go for AES-128 for bulk encrypting each file with a random key, and RSA-2048 for encrypting the symmetric keys.

How about using 3DES (triple DES) - it is supported by mcrypt.
It is 192-bit encryption.
Is that any good?

Can you explain what you meant by symmetric keys and asymmetric keys?

> Your whole approach sounds a tad awkward, though. Why store credit card info on a web server in the first place, especially if it's meant to end up somewhere else..?


I know !! But there is no other way to integrate these two apps that we
could find, and the customer is aware of the security risk involved.
We are going to try and setup an HTTPS channel between the two app so
that the file transfer can be more secure.

Thanks again,
Harold

Jul 17 '05 #3
Harold Crump wrote:
> Frank,
>
> Frank wrote:
>> Also, I'm very much hoping you have an asymmetric cipher
>> in mind here (public-key cryptography). You might as well
>> not bother with encryption at all if you will be leaving
>> the decryption key on the server.
>
> That's my worry as well !
> Can you briefly describe how the public-key approach should work,
> especially if a random key is used as you suggested.

*copy & paste*

> Can you explain what you meant by symmetric keys and asymmetric keys?

Asymmetric ciphers work with two keys, one for encryption and a
different one for decryption. You'll obviously only be storing the
encryption key on your web server.

Problem is, public-key algorithms aren't very efficient, so you use a
different algorithm for encrypting the content, then encrypt that key
using public-key crypto and store it along with the encrypted data somehow.

>> I'd go for AES-128 for bulk encrypting each file with a random key,
>> and RSA-2048 for encrypting the symmetric keys.
>
> How about using 3DES (triple DES) - it is supported by mcrypt.
> It is 192-bit encryption.
> Is that any good?


I'm no crypto guru, so best do a little research yourself here.

I did look up mcrypt just now, and it seems to have support for
Rijndael, which is another name for the AES algorithm. If your library
version doesn't have Rijndael-128, I'd go with Blowfish over 3DES, which
AFAIK is very broken.

Couldn't find anything solid on public key ciphers for php in what
little time I spent googling, though.

Good luck.
Jul 17 '05 #4
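
The scheme described in the post above (a random AES-128 key per file, wrapped with an RSA-2048 public key so the web server never holds a decryption key), as an added example that is not part of the original thread. It assumes PHP 7.1+ with the openssl extension instead of mcrypt (mcrypt offers only symmetric ciphers), AES in GCM mode, and a container layout made up for this example; `seal_file` and `open_file` are hypothetical names.

```php
<?php
// Web-server side: only the RSA public key is present on this machine.
function seal_file(string $plaintext, string $publicKeyPem): string
{
    $fileKey = random_bytes(16);                  // fresh AES-128 key per file
    $iv      = random_bytes(12);                  // 96-bit GCM nonce
    $tag     = '';
    $ct = openssl_encrypt($plaintext, 'aes-128-gcm', $fileKey,
                          OPENSSL_RAW_DATA, $iv, $tag);
    if ($ct === false) {
        throw new RuntimeException('AES encryption failed');
    }
    // Wrap the file key with RSA-OAEP; only the private-key holder can unwrap it.
    if (!openssl_public_encrypt($fileKey, $wrapped, $publicKeyPem,
                                OPENSSL_PKCS1_OAEP_PADDING)) {
        throw new RuntimeException('RSA key wrap failed');
    }
    // Layout assumed for this example: 2-byte key length | wrapped key | iv | tag | ciphertext
    return pack('n', strlen($wrapped)) . $wrapped . $iv . $tag . $ct;
}

// Downloading side: the private key lives here, never on the web server.
function open_file(string $blob, string $privateKeyPem): string
{
    $len     = unpack('n', substr($blob, 0, 2))[1];
    $wrapped = substr($blob, 2, $len);
    $iv      = substr($blob, 2 + $len, 12);
    $tag     = substr($blob, 14 + $len, 16);
    $ct      = substr($blob, 30 + $len);
    if (!openssl_private_decrypt($wrapped, $fileKey, $privateKeyPem,
                                 OPENSSL_PKCS1_OAEP_PADDING)) {
        throw new RuntimeException('RSA key unwrap failed');
    }
    $pt = openssl_decrypt($ct, 'aes-128-gcm', $fileKey,
                          OPENSSL_RAW_DATA, $iv, $tag);
    if ($pt === false) {
        throw new RuntimeException('Authentication failed: file was modified');
    }
    return $pt;
}

// Demo with a throwaway key pair and constructed sample data.
$pair = openssl_pkey_new(['private_key_bits' => 2048,
                          'private_key_type' => OPENSSL_KEYTYPE_RSA]);
openssl_pkey_export($pair, $privPem);
$pubPem = openssl_pkey_get_details($pair)['key'];
$blob = seal_file('<order><card>0000-TEST</card></order>', $pubPem);
var_dump(open_file($blob, $privPem) === '<order><card>0000-TEST</card></order>');
```

In a deployment the key pair would be generated on the downloading side and only the public PEM copied to the web server; the demo creates both halves in one process only so that it runs stand-alone.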
"Harold Crump" <or**********@yahoo.com> wrote in message
news:11**********************@o13g2000cwo.googlegroups.com...
> Greetings,
>
> I have a requirement of storing some .xml files on a web server.
> The files will contain financial information like credit card numbers,
> so I would like to encrypt them.


I wonder how worthwhile encryption is in this case. If a hacker manages to
hack into your server, then he could easily modify your PHP script so that
the file is encrypted with a known key instead of a random one.

Your time could be better spent improving the security of the server,
methinks.
Jul 17 '05 #5
