Answer the question
In order to leave comments, you need to log in
How to encrypt/protect a string in PHP (with subsequent decryption)?
Good day!
I want to warn you right away - I have not come across encryption in PHP before, so I ask you to explain "on your fingers" or give links to explanatory materials.
Background:
There is a self-written in-house "product", which in its essence is something like a wiki. The information is stored in files (ordinary text files), the task arose to somehow encrypt these files so that by themselves (with direct access) they would not be readable, but when accessed through the "wiki" they could be opened by any user.
Problem aggravations:
1. The text is encrypted automatically by the system
2. The user cannot have a decryption key
My assumption for solving this problem comes down to the following algorithm:
1. An encryption / decryption key is generated and written to some config (We generate something like this: we take random numbers, cache them in md5, add a "salt", more random numbers and cache them again)
2. Encrypt files with this key and decrypt them But here
the following problem appears - if they get access to files with data (albeit encrypted), then they will also get access to the decryption key, therefore, the question is: How in this case can you encrypt / decrypt the string as safely as possible? Those. so that an attacker who has access to encrypted files cannot decrypt them.
Thank you in advance!
pS: I ask you to immediately answer the following questions: What library for encryption should I use (I look towards mcrypt)? What encryption method/algorithm to use?
Answer the question
In order to leave comments, you need to log in
=)
<?php
$data = 'my secrect string...';
$key = md5( 'passwd123' );
$crypted = $data ^ str_pad( '', strlen( $data ), $key );
print_r( $crypted ); // \HGZPLCE_VTJ
$decrypted = $crypted ^ str_pad( '', strlen( $crypted ), $key );
print_r( $decrypted ); // my secrect string...
// меняем пасс
$decrypted = $crypted ^ str_pad( '', strlen( $crypted ), md5( 'passwd321' ) );
print_r( $decrypted ); // m{r"6<"ae{zw+poc0u)
and is written to some configWhat if they get access to web server scripts?
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question