Ask a Question related to PHP Development, Design and Development.
-
Google Mike #1
Get String Encryption Without Reconfiguring or Recompiling PHP
Of course, one could always use other kinds of
encryption/encoding/obfuscation techniques such as XOR complement, but
this example provides an extremely secure version using methods like
Blowfish, MD5, DES, etc.
This took me about 4 hours to figure out and perfect, but the two
functions below will work with PHP on many versions of Linux. I have
RedHat 9, in this case. I designed this to use a pretty small
compression and encryption style, yet work just fine as far as storing
in a cookie.
I'm using Blowfish here, but you can switch the "-bf" to other
encryption types. For those of you with Linux, do a "man openssl" to
see the others that are available.
The routine isn't bad for a 15 user business app on a 2.4Ghz Pentium.
However, you'll find it's somewhat slow for larger-scale operations,
unfortunately, because you have to write 2 files for each function. If
someone knows how to use openssl without files, I'd be interested to
see your example.
function Encrypt($val, $pass) {
$val = str_replace("'", "#%$", $val);
$file = tempnam('','php-encrypt-');
exec("echo -E '$val' > $file.dec");
exec("openssl enc -a -bf -in $file.dec -out $file.enc -e -pass
pass:$pass");
$myfile = file("$file.enc");
exec("rm $file");
exec("rm $file.dec");
exec("rm $file.enc");
while (list($line_num, $line) = each($myfile)) {
$result .= $line;
}
$result = base64_encode($result);
$result = urlencode($result);
return $result;
}
function Decrypt($val, $pass) {
$val = urldecode($val);
$val = base64_decode($val);
$file = tempnam('','php-decrypt-');
exec("echo -E '$val' > $file.enc");
exec("openssl enc -a -bf -in $file.enc -out $file.dec -d -pass
pass:$pass");
$myfile = file("$file.dec");
exec("rm $file");
exec("rm $file.enc");
exec("rm $file.dec");
while (list($line_num, $line) = each($myfile)) {
$result .= $line;
}
$result = substr($result, 0, strlen($result)-1);
$result = str_replace("#%$", "'", $result);
return $result;
}
Here's a sample of how big the encrypted string can be when I used the
password "wow":
6 chars = 44 chars
20 chars = 76 chars
50 chars = 134 chars
100 chars = 224 chars
Here's a sample encrypted string:
VTJGc2RHVmtYMSt4azRFdjN2QXlzVkJZRFBMMTdHNmNlQWdGZF F0ZmlkNS9CQndPOGtIOGV3PT0K
Google Mike Guest
-
Reconfiguring my network
I currently own my own domain name, and run a dns server that services only the lan (i.e. It just forwards requests to my ISP's dns server, and... -
Reconfiguring PHP with MySQL in WinXp
Hi all, I used PHP installer binary to install PHP. Then I installed MySQL. Now how do I reconfigure PHP to connect to MySQL? In PHP installer,... -
Need Help Recompiling PHP
I am running RedHat 9.0 with php-4.3.4 and Apache 2. I'm trying to add --enable-ftp and --with-openssl, but everytime I recompile nothing at all... -
Encryption of the query string in the URL
Hi We found out about this weird problem that happens on the encrypted string that we send across as a query string on the url. The page shows the... -
database connection string encryption and decryption
Hi I want to encrypt the database connection string and add it to web.config file. Before connecting to the database I want to decrypt it. Can...
Reply With QuoteSimilar Questions and Discussions
Posting Permissions
- You may not post new threads
- You may post replies
- You may not post attachments
- You may not edit your posts
