String encrypt/decrypt
Moderator: General Moderators
String encrypt/decrypt
Anyone know of a way to encrypt a string, so that if any character of the encryted string are changed, it can not be decrypted? Or at least the decrypted string will be fairly messed up? I've tried some, but messing up a character or two still allows the string to be unencrypted fairly accurately. Thanks.
they should, and so should sha, which i think mcrypt will use even without a specifically built library.
the real gurus in security (which is what this falls under) are neilsene and mcgruff. one of them should see this by the end of the day and be able to give you what you need to do it. i'll deferr to them.
the real gurus in security (which is what this falls under) are neilsene and mcgruff. one of them should see this by the end of the day and be able to give you what you need to do it. i'll deferr to them.
I have been playing with AzDGCrypt class from phpclasses. It works well, but if I mess with some of the encrypted characters the string will still decrypt fairly well. I have a dedicated environment. The decrypting will not be done very often. The purpose of this is provide security and prevent tampering. The string being encrypted is an SQL query. I want to make sure that if the it is tampered with the resulting decrypted string will not run.
OK dedicating hosting, good. So symmetric ciphers or public key methods are possible.
I would strongly suggest using either the mcrypt library or the openSSL one or both.
To prevent tampering the best way is to use a MAC, which will be a oneway hash, either MD5 or SHA1. MD5 is built-in to PHP, SHA1 is in the mcrypt library. You'll do something like:
store the $MAC in the database with the query, before running the
query recompute the $MAC and compare. If they differ, then someone tampered with the $query. Typically speaking, changing a character in the $query will causing a complete change of the output of the hash.
To offer privacy, as the decryption is rare, I would use a Public/Private key pair from the openSSL library, encrypt the string with the public key and then save that. Store the private key off-line and enter it when you need it on the rare occasions to decrypt it. This will require a person-in-the-loop for decrption. You can still use the MAC. In your case I would do the MAC calculations pre-encryption and post-decryption.
I would strongly suggest using either the mcrypt library or the openSSL one or both.
To prevent tampering the best way is to use a MAC, which will be a oneway hash, either MD5 or SHA1. MD5 is built-in to PHP, SHA1 is in the mcrypt library. You'll do something like:
Code: Select all
$MAC = MD5($query. $serversecret);query recompute the $MAC and compare. If they differ, then someone tampered with the $query. Typically speaking, changing a character in the $query will causing a complete change of the output of the hash.
To offer privacy, as the decryption is rare, I would use a Public/Private key pair from the openSSL library, encrypt the string with the public key and then save that. Store the private key off-line and enter it when you need it on the rare occasions to decrypt it. This will require a person-in-the-loop for decrption. You can still use the MAC. In your case I would do the MAC calculations pre-encryption and post-decryption.