-
August 11th, 2005, 08:41 PM
#1
Member
Using gpg with PHP and MySQL
Really not sure if this is where this question belongs.
I am looking for advise (a good example) on using gpg with PHP to encrypt data going into a MySQL database.
-
August 11th, 2005, 09:04 PM
#2
Junior Member
-
August 11th, 2005, 09:17 PM
#3
Junior Member
mcrypt
Just a ()sis for encryption and php :
Another way to encrypt data with php/mysql kind of handy is to use the php mcrypt integrated functions (configure --with-mycrypt, and you will also need libmcrypt from mcrypt.sourceforge.net) .
From the php manual :
This is an interface to the mcrypt library, which supports a wide variety of block algorithms such as DES,
TripleDES, Blowfish (default), 3-WAY, SAFER-SK64, SAFER-SK128, TWOFISH, TEA, RC2 and GOST in CBC, OFB, CFB and ECB
cipher modes. Additionally, it supports RC6 and IDEA which are considered "non-free".
a few lines of code using mcrypt to encode and decode :
here the codes use a key , part of it sent in the variable $id, the other part created by
some substr/md5/uniqid (php functions) into the variable $semikey . both variables concated into $key - the other part of the code is stolen from php.net and mysql got no password set which sucks.
<?
$semikey = substr( md5(uniqid("salt")) ,0,9);
$text = $Email;
$key = $id.$semikey;
$iv_size = mcrypt_get_iv_size(MCRYPT_XTEA, MCRYPT_MODE_ECB);
$iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
$enc = urlencode(mcrypt_encrypt(MCRYPT_XTEA, $key, $text, MCRYPT_MODE_ECB, $iv));
$fd = mysql_connect("localhost","root","");
$query1 = "INSERT INTO notsosecure VALUES(NULL,'$id','$semikey','0','0','0','0','$enc')";
$result1 = mysql_db_query("secured",$query1);
?>
As you can see $id and $semikey are stored just next to the encrypted value, to help decrypt it ... later -> i insist that normally thoses values should be sent somewhere else, because here is highly unsecure.. but this is just an example. $enc is the encrypted data (urlencoded for being php friendly)
Here is the decryption : We catch the variable $id to know what item to decrypt, we remake the key from the fields salt ($semikey) and $id, and we decrypt..
<?
$fd = mysql_connect("localhost","root","");
$query = "SELECT * FROM notsosecure WHERE id_link='$id'";
$result = mysql_db_query("secured",$query);
$row = mysql_fetch_array($result);
$text = $row['encrypted'];
$semikey = $row['salt'];
$key = $id.$semikey;
$iv_size = mcrypt_get_iv_size(MCRYPT_XTEA, MCRYPT_MODE_ECB);
$iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
$denc = mcrypt_decrypt(MCRYPT_XTEA, $key, urldecode($text), MCRYPT_MODE_ECB, $iv);
?>
As you can imagine $denc contains the non encrypted string, urldecoded of $text, of course.
deepmega.
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|