0

I have a concatenated string and I want to pass it as a query string. For security, I want to encrypt the concatenated string using a GPG private key that resides in the same folder where this .php file resides on the remote server.

I want to know whether it is safe to keep the public and private keys on the remote server and use them for encryption and decryption.

1
  • I don't know if I got you correctly: Is this php file accessible from the web? If so and the private key resides in the same folder, the key is probably also accessible from the web which is totally insecure. Commented Dec 15, 2009 at 14:37

2 Answers

1

First question: Why? - If you're transferring data on the same server, use PHP sessions or store it in a database. If you want to transport data from one server to another server, use another communication channel between these two, like an HTTP request POSTing the data.

If you still want to do it: I won't use GPG for this as this produces quite some CPU load and increases the size of the message dramatically, assuming your data is relatively short. It's better to use Blowfish or similar algorithms; see PHP's crypt function for instance.

About the security: It is more or less as secure as the whole server is but you should make sure your private key is hidden outside the document root of the web server. And read rights should be limited to the web server user ...


3 Comments

Can it be done using conventional encryption? Is it secure to store an unencrypted string in the session?
What is conventional encryption? Storing data in the session is - again - as secure as your web server. If it's hosted by a hosting company they might have access to the session - but they also have access to the key then. If your server is in your data center, protected by physical locks and running fully patched software, it's fairly secure.
Some column values contain long text that was typed in the Text Area control. How much data can the session hold?
0

Try these PHP functions: convert_uuencode and convert_uudecode

function encrypt_decrypt ($data, $encrypt) {
    if ($encrypt == true) {
        $output = base64_encode (convert_uuencode ($data));
    } else {
        $output = convert_uudecode (base64_decode ($data));
    }
    return $output;
}

$enc_txt = encrypt_decrypt ("QUERY TEXT", true);
echo $enc_txt."\n";
// KjQ1NSU0RURANSQ1ODVgYGAKYAo=
echo encrypt_decrypt ($enc_txt, false);
// QUERY TEXT
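
Added example, not part of either answer: the first answer recommends a symmetric cipher with the key kept outside the document root, whereas uuencode plus base64 can be reversed by anyone without a key. The block below uses PHP's sodium extension (PHP 7.2+) for authenticated symmetric encryption of a query-string value; the function names, the `d` parameter and the key path are hypothetical.

```php
<?php
// Added example: names, the "d" parameter and the key path are hypothetical.

// Read a 32-byte key kept outside the document root (readable by the web server user only).
function load_key(string $path): string {
    $key = @file_get_contents($path);
    if ($key === false || strlen($key) !== SODIUM_CRYPTO_SECRETBOX_KEYBYTES) {
        throw new RuntimeException('key file missing or wrong length');
    }
    return $key;
}

// Encrypt and authenticate a value; the result is URL-safe, so it needs no urlencode().
function seal_param(string $plain, string $key): string {
    $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES); // fresh nonce per message
    $box = sodium_crypto_secretbox($plain, $nonce, $key);
    return sodium_bin2base64($nonce . $box, SODIUM_BASE64_VARIANT_URLSAFE_NO_PADDING);
}

// Return the plaintext, or null if the token is malformed or was modified.
function open_param(string $token, string $key): ?string {
    try {
        $raw = sodium_base642bin($token, SODIUM_BASE64_VARIANT_URLSAFE_NO_PADDING);
    } catch (SodiumException $e) {
        return null;
    }
    $min = SODIUM_CRYPTO_SECRETBOX_NONCEBYTES + SODIUM_CRYPTO_SECRETBOX_MACBYTES;
    if (strlen($raw) < $min) {
        return null;
    }
    $nonce = substr($raw, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $box = substr($raw, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $plain = sodium_crypto_secretbox_open($box, $nonce, $key);
    return $plain === false ? null : $plain;
}

// Demo with a constructed throwaway key; a deployment would instead call
// load_key('/path/outside/docroot/qs.key') (placeholder path).
$key = sodium_crypto_secretbox_keygen();
$token = seal_param('QUERY TEXT', $key);
echo 'page.php?d=' . $token . "\n";
var_dump(open_param($token, $key));

// Flip one character to show that a modified token fails the authentication check.
$tampered = $token;
$tampered[0] = ($tampered[0] === 'A') ? 'B' : 'A';
var_dump(open_param($tampered, $key));
```

Because the token is authenticated as well as encrypted, the receiving page can treat a null result as a rejected request instead of acting on altered data.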
