PDA

Click to See Complete Forum and Search --> : Using gpg with PHP and MySQL

netman4ttm
August 11th, 2005, 09:41 PM
Really not sure if this is where this question belongs.
I am looking for advise (a good example) on using gpg with PHP to encrypt data going into a MySQL database.
deepmega
August 11th, 2005, 10:04 PM
http://www.zend.com/zend/tut/tutorial-brogdon.php
deepmega
August 11th, 2005, 10:17 PM
Just a ()sis for encryption and php :

Another way to encrypt data with php/mysql kind of handy is to use the php mcrypt integrated functions (configure --with-mycrypt, and you will also need libmcrypt from mcrypt.sourceforge.net) .

From the php manual :
This is an interface to the mcrypt library, which supports a wide variety of block algorithms such as DES,
TripleDES, Blowfish (default), 3-WAY, SAFER-SK64, SAFER-SK128, TWOFISH, TEA, RC2 and GOST in CBC, OFB, CFB and ECB
cipher modes. Additionally, it supports RC6 and IDEA which are considered "non-free".

a few lines of code using mcrypt to encode and decode :
here the codes use a key , part of it sent in the variable $id, the other part created by
some substr/md5/uniqid (php functions) into the variable $semikey . both variables concated into $key - the other part of the code is stolen from php.net and mysql got no password set which sucks.

<?

$semikey = substr( md5(uniqid("salt")) ,0,9);
$text = $Email;
$key = $id.$semikey;

$iv_size = mcrypt_get_iv_size(MCRYPT_XTEA, MCRYPT_MODE_ECB);
$iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
$enc = urlencode(mcrypt_encrypt(MCRYPT_XTEA, $key, $text, MCRYPT_MODE_ECB, $iv));

$fd = mysql_connect("localhost","root","");
$query1 = "INSERT INTO notsosecure VALUES(NULL,'$id','$semikey','0','0','0','0','$enc')";
$result1 = mysql_db_query("secured",$query1);

?>

As you can see $id and $semikey are stored just next to the encrypted value, to help decrypt it ... later -> i insist that normally thoses values should be sent somewhere else, because here is highly unsecure.. but this is just an example. $enc is the encrypted data (urlencoded for being php friendly)

Here is the decryption : We catch the variable $id to know what item to decrypt, we remake the key from the fields salt ($semikey) and $id, and we decrypt..

<?
$fd = mysql_connect("localhost","root","");
$query = "SELECT * FROM notsosecure WHERE id_link='$id'";
$result = mysql_db_query("secured",$query);
$row = mysql_fetch_array($result);

$text = $row['encrypted'];
$semikey = $row['salt'];

$key = $id.$semikey;

$iv_size = mcrypt_get_iv_size(MCRYPT_XTEA, MCRYPT_MODE_ECB);
$iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);

$denc = mcrypt_decrypt(MCRYPT_XTEA, $key, urldecode($text), MCRYPT_MODE_ECB, $iv);

?>

As you can imagine $denc contains the non encrypted string, urldecoded of $text, of course.

deepmega.