Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
N
N
nixischev2014-11-06 23:58:31
PHP
nixischev, 2014-11-06 23:58:31

How to encrypt/protect a string in PHP (with subsequent decryption)?

Good day!
I want to warn you right away - I have not come across encryption in PHP before, so I ask you to explain "on your fingers" or give links to explanatory materials.
Background:
There is a self-written in-house "product", which in its essence is something like a wiki. The information is stored in files (ordinary text files), the task arose to somehow encrypt these files so that by themselves (with direct access) they would not be readable, but when accessed through the "wiki" they could be opened by any user.
Problem aggravations:
1. The text is encrypted automatically by the system
2. The user cannot have a decryption key
My assumption for solving this problem comes down to the following algorithm:
1. An encryption / decryption key is generated and written to some config (We generate something like this: we take random numbers, cache them in md5, add a "salt", more random numbers and cache them again)
2. Encrypt files with this key and decrypt them But here
the following problem appears - if they get access to files with data (albeit encrypted), then they will also get access to the decryption key, therefore, the question is: How in this case can you encrypt / decrypt the string as safely as possible? Those. so that an attacker who has access to encrypted files cannot decrypt them.
Thank you in advance!
pS: I ask you to immediately answer the following questions: What library for encryption should I use (I look towards mcrypt)? What encryption method/algorithm to use?

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

5 answer(s)
Report
I
Ivan Gontarenko, 2014-11-07
@dez-fafara

=)

<?php

    $data           = 'my secrect string...';
    $key            = md5( 'passwd123' );

    $crypted        = $data ^ str_pad( '', strlen( $data ), $key );
    print_r( $crypted ); // \HGZPLCE_VTJ

    $decrypted      = $crypted ^ str_pad( '', strlen( $crypted ), $key );
    print_r( $decrypted ); // my secrect string...

    // меняем пасс
    $decrypted      = $crypted ^ str_pad( '', strlen( $crypted ), md5( 'passwd321' ) );
    print_r( $decrypted ); // m{r"6<"ae{zw+poc0u)

Report
S
Sergey, 2014-11-06
Protko @Fesor

php.net/manual/en/ref.gnupg.php

Report
X
xmoonlight, 2014-11-07
@xmoonlight

and is written to some config
What if they get access to web server scripts?

Report
O
OnYourLips, 2014-11-07
@OnYourLips

No way. You can always put a breakpoint and get clean data.

Report
R
Rsa97, 2014-11-07
@Rsa97

And then they will run wget or another spider recursively and download the entire site in decrypted form.

Similar questions
S
sergeybogevolny2015-04-06 21:36:50
Is there an example of interaction between bootstrap wizard form and php? 2Reply
I
ITpie2021-03-25 20:16:06
How to make docker to test python code with certain libraries? 3Reply
M
Matvey Bubenets2017-04-20 04:38:37
How to disable Remote Desktop Licensing? 6Reply
D
Dmitry2015-05-19 23:34:41
A book on C-C++ where is the description of the language with analogies? 5Reply
I
Ivan Zhuravlev2019-10-07 20:13:32
How to set up routing on Raspberry Pi? 2Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question