Using gpg with PHP and MySQL

  1. #1

    Using gpg with PHP and MySQL

    Really not sure if this is where this question belongs.
    I am looking for advice (a good example) on using gpg with PHP to encrypt data going into a MySQL database.

  2. #2

  3. #3
    Junior Member | Join Date: Aug 2005 | Posts: 7

    mcrypt

    Just a ()sis for encryption and php :

    Another handy way to encrypt data with PHP/MySQL is to use PHP's integrated mcrypt functions (configure --with-mcrypt, and you will also need libmcrypt from mcrypt.sourceforge.net).

    From the php manual :
    This is an interface to the mcrypt library, which supports a wide variety of block algorithms such as DES,
    TripleDES, Blowfish (default), 3-WAY, SAFER-SK64, SAFER-SK128, TWOFISH, TEA, RC2 and GOST in CBC, OFB, CFB and ECB
    cipher modes. Additionally, it supports RC6 and IDEA which are considered "non-free".

    A few lines of code using mcrypt to encode and decode:
    Here the code uses a key, part of it sent in the variable $id, the other part created by
    some substr/md5/uniqid (PHP functions) into the variable $semikey. Both variables are concatenated into $key. The other part of the code is stolen from php.net, and mysql got no password set, which sucks.

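    <?php

    // Random per-record part of the key (9 hex characters)
    $semikey = substr( md5(uniqid("salt")) ,0,9);
    $text = $Email;
    $key = $id.$semikey;

    // ECB mode ignores the IV; it is passed only to satisfy the function signature
    $iv_size = mcrypt_get_iv_size(MCRYPT_XTEA, MCRYPT_MODE_ECB);
    $iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
    // urlencode() makes the binary ciphertext safe to store as text
    $enc = urlencode(mcrypt_encrypt(MCRYPT_XTEA, $key, $text, MCRYPT_MODE_ECB, $iv));

    $fd = mysql_connect("localhost","root","");
    // Escape $id before it is placed in the query string
    $id_sql = mysql_real_escape_string($id, $fd);
    $query1 = "INSERT INTO notsosecure VALUES(NULL,'$id_sql','$semikey','0','0','0','0','$enc')";
    $result1 = mysql_db_query("secured",$query1);

    ?>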

    As you can see, $id and $semikey are stored right next to the encrypted value, to help decrypt it later. I insist that normally those values should be sent somewhere else, because here it is highly insecure, but this is just an example. $enc is the encrypted data (urlencoded to be PHP friendly).

    Here is the decryption: we catch the variable $id to know which item to decrypt, we rebuild the key from the salt field ($semikey) and $id, and we decrypt.

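    <?php
    $fd = mysql_connect("localhost","root","");
    // Escape $id before it is placed in the query string
    $id_sql = mysql_real_escape_string($id, $fd);
    $query = "SELECT * FROM notsosecure WHERE id_link='$id_sql'";
    $result = mysql_db_query("secured",$query);
    $row = mysql_fetch_array($result);

    $text = $row['encrypted'];
    $semikey = $row['salt'];

    // Rebuild the key from $id and the stored salt
    $key = $id.$semikey;

    // ECB mode ignores the IV, so a fresh random one does not affect decryption
    $iv_size = mcrypt_get_iv_size(MCRYPT_XTEA, MCRYPT_MODE_ECB);
    $iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);

    // mcrypt pads the plaintext with NUL bytes up to the block size; strip them
    $denc = rtrim(mcrypt_decrypt(MCRYPT_XTEA, $key, urldecode($text), MCRYPT_MODE_ECB, $iv), "\0");

    ?>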

    As you can imagine, $denc contains the decrypted string, from the urldecoded $text, of course.

    deepmega.
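
A present-day version of the encrypt/store/fetch/decrypt flow in the post above, as an added example that is not part of the thread: mcrypt and the mysql_* functions have since been removed from PHP (7.2 and 7.0), so it uses libsodium's authenticated secretbox and PDO prepared statements, with the key kept out of the table. The table name, column names, sample values and the in-memory SQLite stand-in for MySQL are assumptions.

```php
<?php
// Added example (not the poster's code). Assumes PHP >= 7.2 with the sodium and
// pdo_sqlite extensions; table and column names are hypothetical.

// The key is kept outside the database (environment, key file, secrets manager).
// It is generated here only so the example runs stand-alone.
$key = sodium_crypto_secretbox_keygen();

function encrypt_field(string $plain, string $key): string
{
    // Fresh random nonce per value, stored in front of the ciphertext.
    $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    return $nonce . sodium_crypto_secretbox($plain, $nonce, $key);
}

function decrypt_field(string $blob, string $key): ?string
{
    $min = SODIUM_CRYPTO_SECRETBOX_NONCEBYTES + SODIUM_CRYPTO_SECRETBOX_MACBYTES;
    if (strlen($blob) < $min) {
        return null; // too short to hold nonce + MAC
    }
    $nonce = substr($blob, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $ct    = substr($blob, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $plain = sodium_crypto_secretbox_open($ct, $nonce, $key);
    return $plain === false ? null : $plain; // false: wrong key or modified data
}

// In-memory SQLite stands in for MySQL so this runs offline; for MySQL use a
// "mysql:host=...;dbname=..." DSN and a non-root account that has a password.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE secured_links (id_link TEXT PRIMARY KEY, encrypted BLOB NOT NULL)');

$id    = "o'brien-7";          // constructed id containing a quote
$email = 'alice@example.org';  // constructed sample value

// Placeholders keep $id and the binary ciphertext out of the SQL text.
$ins = $db->prepare('INSERT INTO secured_links (id_link, encrypted) VALUES (?, ?)');
$ins->bindValue(1, $id);
$ins->bindValue(2, encrypt_field($email, $key), PDO::PARAM_LOB);
$ins->execute();

$sel = $db->prepare('SELECT encrypted FROM secured_links WHERE id_link = ?');
$sel->execute([$id]);
$blob = $sel->fetchColumn();

var_dump(decrypt_field($blob, $key) === $email);   // round trip through the table
$blob[-1] = chr(ord($blob[-1]) ^ 1);               // flip one bit of the stored value
var_dump(decrypt_field($blob, $key));              // decryption after the change
```

Unlike ECB, the secretbox construction authenticates the ciphertext, so a modified or truncated row fails to decrypt instead of returning altered plaintext.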
