[nycphp-talk] shell_exec security pitfalls?
Dell Sala
dell at sala.ca
Thu Jul 19 00:26:48 EDT 2007
Rolan Yang wrote:
> Whenever I need to store credit card data, I encrypt it with GPG
> before storing it in the database. The private key file is not to
> be stored on the same machine and should definitely not be
> accessible by the web server!
That's always been my understanding. But it occurred to me that the
private key is useless without the pass-phrase. What if the secret
key is stored on the same machine as the encrypted data, but the pass-
phrase isn't?
As long as the pass-phrase is submitted along with every request that
shows decrypted data, the pass-phrase never needs to be stored on the
server ... unless of course the pass-phrase is somehow accessible by
the use of shell_exec.
Dan Cech wrote:
> A much better approach is to use the proc_open function to execute the
> process and allow you to provide the passphrase directly to the gpg
> process on stdin and read the decrypted data from stdout. This way the
> passphrase & cleartext are much less vulnerable to simple sniffing by
> other users of the machine.
This sounds like a good suggestion. It seems to solve the shell_exec
problem.
I'd just love to create a simple solution for storing sensitive data
without requiring a special decryption setup on the client side. What
do you think? Am I playing with fire?
-- Dell
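An added example, not code from the original thread and not Dan's or Rolan's implementation, of the two approaches discussed above side by side: a shell_exec variant that puts the passphrase on the gpg command line (where any local user can read it from `ps` or /proc while gpg runs), and a proc_open variant that hands the passphrase to gpg over a dedicated pipe and the ciphertext over stdin, so neither appears in the process list or on disk. It assumes a Unix host with PHP 7.4+ (array form of proc_open), GnuPG 2.1+ (which needs --pinentry-mode loopback for --passphrase-fd to work), and a secret key already imported into the keyring that the web server user's GNUPGHOME points at; the function names and $ciphertext are illustrative.

```php
<?php
// Added example, not from the original thread. Assumes PHP 7.4+, GnuPG 2.1+ on Unix,
// and a secret key already present in the web server user's keyring (GNUPGHOME).

// INSECURE: the passphrase becomes a command-line argument. While gpg runs, every
// local user can read it via `ps` or /proc/<pid>/cmdline, even with escapeshellarg().
function decrypt_with_shell_exec(string $ciphertextPath, string $passphrase): string
{
    $cmd = 'gpg --batch --quiet --pinentry-mode loopback --passphrase '
         . escapeshellarg($passphrase) . ' --decrypt ' . escapeshellarg($ciphertextPath);
    return (string) shell_exec($cmd);
}

// SAFER: passphrase goes down a private pipe (fd 3), ciphertext down stdin, and the
// plaintext comes back on stdout. Nothing sensitive touches argv or a temp file.
function decrypt_with_proc_open(string $ciphertext, string $passphrase): string
{
    // Array form avoids a shell entirely, so no quoting/injection concerns.
    $cmd = ['gpg', '--batch', '--quiet', '--pinentry-mode', 'loopback',
            '--passphrase-fd', '3', '--decrypt'];
    $spec = [
        0 => ['pipe', 'r'],  // gpg stdin  <- ciphertext
        1 => ['pipe', 'w'],  // gpg stdout -> plaintext
        2 => ['pipe', 'w'],  // gpg stderr -> diagnostics (kept off the page)
        3 => ['pipe', 'r'],  // fd 3       <- passphrase
    ];
    $proc = proc_open($cmd, $spec, $pipes);
    if (!is_resource($proc)) {
        throw new RuntimeException('could not start gpg');
    }

    // Passphrase first, then close the fd so gpg sees EOF after the newline.
    fwrite($pipes[3], $passphrase . "\n");
    fclose($pipes[3]);

    // Card data is a few dozen bytes, so writing it all before reading stdout cannot
    // fill the pipe. For large blobs interleave reads and writes with stream_select().
    fwrite($pipes[0], $ciphertext);
    fclose($pipes[0]);

    $plaintext = stream_get_contents($pipes[1]);
    $errors    = stream_get_contents($pipes[2]);
    fclose($pipes[1]);
    fclose($pipes[2]);

    $status = proc_close($proc);
    if ($status !== 0) {
        // Log $errors server-side if needed; never echo it to the browser, since
        // gpg's diagnostics can reveal key IDs and whether the passphrase was wrong.
        throw new RuntimeException('gpg exited with status ' . $status);
    }
    return $plaintext;
}

// Illustrative call: $ciphertext would come from the database row, $passphrase
// from the authenticated request that asked to view the record.
// $pan = decrypt_with_proc_open($ciphertext, $_POST['passphrase']);
```

Two caveats worth keeping in mind with the proc_open variant: the passphrase and plaintext still pass through PHP's memory and any request logging on the way in, so the request must arrive over TLS and the passphrase must never be written to access or error logs; and with GnuPG 2.1+ a running gpg-agent may cache the passphrase after a successful decrypt unless caching is disabled in gpg-agent.conf, which would leave it recoverable on the server for the cache lifetime.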