[nycphp-talk] PHP and keystores

Jesse Callaway bonsaime at gmail.com
Thu Nov 29 19:28:57 EST 2012


So you'd like the file to be encrypted before it's sent or stored somewhere
you can grab it? How are you getting this file? I think this would be a
good use of public key crypto. You can store or publish (or whatever) your
public key either in the code or loaded from a URL. Encrypt the file using
this public key, and then you are in a good position to read the file.

Most cert usage is not for encryption per se, but for key exchange (which
is then used for encryption) so a normal SSL cert isn't going to help here
much. You could make your own cert, but at that point screw it since it
lacks the authority of a CA chain which is what makes a cert a cert. If you
really need to encrypt a plaintext file, just encrypt the whole thing, and
not parts of it, using GPG. Call the gpg command from a shell execute in
php and supply your public key (as above).

Still not sure what your inputs and outputs are. How is this file
encrypted in the first place? Maybe you could just gather the credentials
and update LDAP directly, skipping any storage on disk. I might have a copy
of a ruby program I did to do this. It was a web form. I then had to write
it in perl, so I'm sure you could port it to php without much hassle.


On Thu, Nov 29, 2012 at 5:32 PM, CED <consult at covenantedesign.com> wrote:

>  I'm pulling in a file, encrypting and then sending...
>
> Pseudo code:
>
>     // Decrypt a DES/ECB ciphertext, then strip the padding
>     // (the last byte holds the pad length).
>     function decrypt($str, $key){
>         $str = mcrypt_decrypt(MCRYPT_DES, $key, $str, MCRYPT_MODE_ECB);
>         $block = mcrypt_get_block_size('des', 'ecb');
>         $pad = ord($str[($len = strlen($str))-1]);
>         return substr($str, 0, strlen($str) - $pad);
>     }
>
>     //Read in creds file
>     $file = "this.txt"; // UN=USERNAMEPW=PASSWORD
>     //Decrypt password
>     $unEncryptedPass = decrypt("PASSWORDFROMFILE", "HARDCODEDSEEDKEY");
>
>     //Send username and password to LDAP service directly
>
> What I'm wondering is if there is a better way to store the username and
> password? So I was thinking of maybe a cert that is encrypting/unencrypting
> the file with the un/pw contents...
>
> Hope I've been more clear. :)
>
> Thanks.
>
>
> On 11/29/2012 9:14 AM, Anthony Ferrara wrote:
>
> When you say "encryption and decryption of credentials", what are you
> talking about? User credentials? If so, why aren't you hashing them one-way
> instead of encrypting them (and therefore making them FAR easier for an
> attacker to steal)?
>
>  Anthony
>
>
> On Thu, Nov 29, 2012 at 11:13 AM, CED <consult at covenantedesign.com> wrote:
>
>> Just encryption and decryption of credentials.
>>
>>
>> On 11/28/2012 6:25 PM, Rob Marscher wrote:
>> > On Nov 28, 2012, at 7:23 PM, CED <consult at covenantedesign.com> wrote:
>> >
>> >> I have a need to use a private key within PHP... does anyone have any
>> >> recommendations on this?
>> >> I looked at http://phpkeystore.com/ but I'm not sure... any thoughts?
>> > Can you give a little more context on what you need to do with the
>> private key?
>> >
>> > Is it for securely connecting to a remote site via ssh/sftp?
>> >
>> > Or is it to sign or encrypt some data?
>> >
>> > Or some other use?
>> > _______________________________________________
>> > New York PHP User Group Community Talk Mailing List
>> > http://lists.nyphp.org/mailman/listinfo/talk
>> >
>> > http://www.nyphp.org/show-participation
>> >
>> >
>> >
>>
>>
>>  --
>> 995 Maple Hill Road
>> Castleton, New York 12033
>> 518-331-5061
>> Consult at CovenanteDesign.com



-- 
-jesse
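
Added example, not part of the original message: one way to do what the reply above suggests, encrypting the whole file to a public key by calling gpg from PHP. It assumes PHP 7.4+ and GnuPG 2.1.14+; the function name and the file names passed on the command line are hypothetical.

```php
<?php
// Added example, not code from the thread. Requires PHP 7.4+ (array form of
// proc_open, which bypasses the shell) and GnuPG 2.1.14+ (--recipient-file).

/**
 * Encrypt a whole file to the public key stored in $pubKeyFile.
 * Only the public key is on this host: it can produce ciphertext
 * but cannot decrypt it, so nothing secret is hardcoded in PHP.
 */
function gpg_encrypt_file(string $plain, string $cipher, string $pubKeyFile): void
{
    $cmd = [
        'gpg', '--batch', '--yes', '--no-tty',
        '--recipient-file', $pubKeyFile, // exactly one key, read from the file
        '--output', $cipher,
        '--encrypt', '--', $plain,       // "--" stops a name like "-x" being read as an option
    ];
    $spec = [
        0 => ['file', '/dev/null', 'r'],
        1 => ['file', '/dev/null', 'w'],
        2 => ['pipe', 'w'],              // keep gpg's diagnostics for the error message
    ];
    $proc = proc_open($cmd, $spec, $pipes);
    if (!is_resource($proc)) {
        throw new RuntimeException('could not start gpg');
    }
    $stderr = stream_get_contents($pipes[2]);
    fclose($pipes[2]);
    $status = proc_close($proc);
    if ($status !== 0) {
        @unlink($cipher);                // never leave a partial output behind
        throw new RuntimeException("gpg exited with $status: $stderr");
    }
    chmod($cipher, 0600);                // ciphertext readable by the owner only
}

// CLI usage: php encrypt.php <plaintext> <ciphertext> <public-key-file>
if (PHP_SAPI === 'cli' && $argc === 4) {
    gpg_encrypt_file($argv[1], $argv[2], $argv[3]);
    echo "wrote {$argv[2]}\n";
}
```

Decryption happens wherever the matching private key is held, which is what keeps a compromise of the PHP host from exposing the stored credentials.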