PHP OpenSSL Securing The Private Key

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
Peter Kelly
Forum Contributor
Posts: 143
Joined: Fri Jan 14, 2011 5:33 pm
Location: England
Contact:

PHP OpenSSL Securing The Private Key

Post by Peter Kelly »

I'm currently creating a project that requires usernames and passwords for servers to be stored in a sql database (I have to be able to access these in plain text at further points as they are used for logging in). Because of this I'm encrypting everything with a public/private openssl key so that while they are in the database they are secure and are only unsecure while actually connecting with the servers. Thats fine and secure.

However I initially through I'd store the public and private keys in functions inside a file to encrypt/decrypt data then I would encrypt that file with ioncube. Only after thinking about it I realised if someone managed to hack into the database generally there gonna have access to files as well and it wouldnt take long to realise that in other files there are like decrypt_data functions. So now I'm stuck.

How can I keep the private key safe? Bearing in mind its automated so the private key cant have a password.
User avatar
requinix
Spammer :|
Posts: 6617
Joined: Wed Oct 15, 2008 2:35 am
Location: WA, USA

Re: PHP OpenSSL Securing The Private Key

Post by requinix »

Is there any secret information required to be able to access the usernames and passwords? Such as a login? You can use the password to create the key pair. Or for that matter just use a traditional (symmetric) algorithm, would be easier to manage.
Post Reply