By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
455,050 Members | 1,343 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 455,050 IT Pros & Developers. It's quick & easy.

Encrypting files

P: n/a
I need some sort of file encryption that I can invoke from my PHP web pages,
to protect sensitive files uploaded/downloaded by clients.

I use https (SSL) for the upload/download, but once the transfer is
complete, the files will reside on the server in unencrypted form. I want to
be able to apply at least one form of file encryption (Blowfish, AES, etc.).

Every PHP solution that I've found so far seems too slow or too limited. The
files I need to encrypt average from 5MB to 10MB in size. How can I use
mcrypt() with files this large? It seems like my server is killing the PHP
process before it can complete (maybe taking too long?). It can run to
completion if I use a smaller file (e.g. 50KB).

My server is a version of Redhat with Apache.

Can anyone recommend the easiest/fastest way to integrate file encryption
into my website? Using a PHP class? Using shell_exec? Using CGI/Perl?

If the encryption process would take too long to occur in real-time while
the user is waiting for the page to complete, I can probably trigger a cron
job to do the encryption in background.

Thanks in advance for any advice.

Ed
Jul 17 '05 #1
Share this Question
Share on Google+
4 Replies


P: n/a
In article <OY********************@adelphia.com>,
"Ed J" <je*@privacy.net> wrote:
It seems like my server is killing the PHP
process before it can complete (maybe taking too long?). It can run to
completion if I use a smaller file (e.g. 50KB).


You could issue a

set_time_limit(0);

before starting the encryption process.

JP

--
Sorry, <de*****@cauce.org> is een "spam trap".
E-mail adres is <jpk"at"akamail.com>, waarbij "at" = @.
Jul 17 '05 #2

P: n/a

"Jan Pieter Kunst" <de*****@cauce.org> wrote in message
news:de***************************@news1.news.xs4a ll.nl...
In article <OY********************@adelphia.com>,
"Ed J" <je*@privacy.net> wrote:
It seems like my server is killing the PHP
process before it can complete (maybe taking too long?). It can run to
completion if I use a smaller file (e.g. 50KB).


You could issue a

set_time_limit(0);

before starting the encryption process.

JP


JP! How could you! set_time_limit(1000); by all means! But never 0! 8)

Garp
Jul 17 '05 #3

P: n/a
"Ed J" <je*@privacy.net> wrote in message
news:OY********************@adelphia.com...
I need some sort of file encryption that I can invoke from my PHP web pages, to protect sensitive files uploaded/downloaded by clients.

I use https (SSL) for the upload/download, but once the transfer is
complete, the files will reside on the server in unencrypted form. I want to be able to apply at least one form of file encryption (Blowfish, AES,

etc.).

Using a symmetric cypher like Blowfish or AES alone won't give you any
additional security, because the key would reside in your PHP file. You need
to use some kind of public-key-private-key encryption, like RSA, so that the
web server can encrypt but not decrypt the files.

The easiest way is probably to spawn an instance of PGP or something
similiar.
Jul 17 '05 #4

P: n/a
On 4/14/04 7:48 PM, in article zv********************@comcast.com, "Chung
Leong" <ch***********@hotmail.com> wrote:
"Ed J" <je*@privacy.net> wrote in message
news:OY********************@adelphia.com...
I need some sort of file encryption that I can invoke from my PHP web pages,
to protect sensitive files uploaded/downloaded by clients.

I use https (SSL) for the upload/download, but once the transfer is
complete, the files will reside on the server in unencrypted form. I want

to
be able to apply at least one form of file encryption (Blowfish, AES,

etc.).

Using a symmetric cypher like Blowfish or AES alone won't give you any
additional security, because the key would reside in your PHP file. You need
to use some kind of public-key-private-key encryption, like RSA, so that the
web server can encrypt but not decrypt the files.


Actually, I just finished an article for International PHP Magazine (
http://www.phpmag.net ) that addresses the issues involved with symmetric
cyphers in interpreted languages like PHP. There *are* lots of options.
Should hit the newsstands at the end of the month.
The easiest way is probably to spawn an instance of PGP or something
similiar.


Spawning an instance is not secure on multi-user systems. See:

http://www.zend.com/zend/tut/tutorial-brogdon.php

Last time I checked John Coggeshall was working on a PECL module for
libgcrypt.

Cheers,
Robert
--
Robert Peake | Peake Professional Consulting
Ro****@PeakePro.com | http://www.peakepro.com/

Jul 17 '05 #5

This discussion thread is closed

Replies have been disabled for this discussion.