Page 1 of 1

PHP OpenSSL Securing The Private Key

Posted: Mon Aug 06, 2012 3:44 am
by Peter Kelly
I'm currently creating a project that requires usernames and passwords for servers to be stored in a sql database (I have to be able to access these in plain text at further points as they are used for logging in). Because of this I'm encrypting everything with a public/private openssl key so that while they are in the database they are secure and are only unsecure while actually connecting with the servers. Thats fine and secure.

However I initially through I'd store the public and private keys in functions inside a file to encrypt/decrypt data then I would encrypt that file with ioncube. Only after thinking about it I realised if someone managed to hack into the database generally there gonna have access to files as well and it wouldnt take long to realise that in other files there are like decrypt_data functions. So now I'm stuck.

How can I keep the private key safe? Bearing in mind its automated so the private key cant have a password.

Re: PHP OpenSSL Securing The Private Key

Posted: Mon Aug 06, 2012 3:56 pm
by requinix
Is there any secret information required to be able to access the usernames and passwords? Such as a login? You can use the password to create the key pair. Or for that matter just use a traditional (symmetric) algorithm, would be easier to manage.