On 3/6/07, Ani Deglurkar <[EMAIL PROTECTED]> wrote:
I tried ns_encrypt for this and it works great (I used the defaults while calling ns_encrypt and ns_decrypt), but I am not sure what it is doing exactly and can it work w/o a pub-pvt keypair - is it encrypting the plaintext using a generated symmetric key and that is being reencrypted again?

By default ns_encrypt uses Blowfish with single-use 128-bit keys, but you can use other OpenSSL-supported ciphers and larger keys too. I prefer 256-bit AES. After the payload is encrypted, the one-time key itself is then encrypted using the RSA public key. I use 2048-bit keys, but 1024 keys are considered safe.

If you don't want to use PKE, there are other encryption modules, but using them offers zero security because the same key works for both encryption and decryption and you must put this key in your code. If you're ever hacked, your data is 100% compromised.

As for speed? Unless you're running thousands of PKE transactions per minute on your site, I doubt speed will be an issue even on the worst of equipment.

Daniel

--
| ---------------------------------------------------------------
| Daniel P. Stasinski | http://www.saidsimple.com
| [EMAIL PROTECTED] | http://www.disabilities-r-us.com
| Google Talk: mooooooo | http://www.scriptkitties.com
| Jabber: [EMAIL PROTECTED] | http://www.avenues.org
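
The scheme described in the reply above (payload encrypted under a one-time symmetric key, that key then encrypted with the RSA public key), sketched with the `openssl` command line as an added example; it is not part of the original message and not ns_encrypt's own code. The function names, file names and sample record are hypothetical, and it assumes the `openssl` CLI is installed.

```shell
#!/bin/sh
# Added example: envelope encryption with the openssl CLI (not ns_encrypt code).
# Function and file names are hypothetical.

# make_keypair DIR: 2048-bit RSA pair; encrypting hosts need only pub.pem.
make_keypair() {
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$1/priv.pem" 2>/dev/null &&
    openssl pkey -in "$1/priv.pem" -pubout -out "$1/pub.pem"
}

# seal PUBKEY INFILE OUTDIR: encrypt INFILE under a fresh one-time AES key,
# then wrap that key with the RSA public key (OAEP padding).
# Note: -K puts the key on the command line (visible in the process list);
# CBC gives confidentiality only, so add a MAC if tampering matters.
seal() {
    key=$(openssl rand -hex 32) || return 1   # single-use 256-bit key
    iv=$(openssl rand -hex 16) || return 1    # IV is public, stored with payload
    printf '%s' "$iv" > "$3/iv.hex"
    openssl enc -aes-256-cbc -K "$key" -iv "$iv" -in "$2" -out "$3/payload.bin" &&
    printf '%s' "$key" | openssl pkeyutl -encrypt -pubin -inkey "$1" \
        -pkeyopt rsa_padding_mode:oaep -out "$3/key.wrapped"
    rc=$?
    unset key iv
    return $rc
}

# unseal PRIVKEY DIR: unwrap the one-time key, then decrypt payload to stdout.
unseal() {
    key=$(openssl pkeyutl -decrypt -inkey "$1" \
        -pkeyopt rsa_padding_mode:oaep -in "$2/key.wrapped") || return 1
    openssl enc -d -aes-256-cbc -K "$key" -iv "$(cat "$2/iv.hex")" \
        -in "$2/payload.bin"
    rc=$?
    unset key
    return $rc
}

# Demo on a constructed sample record.
work=$(mktemp -d)
printf 'constructed sample record' > "$work/plain.txt"
make_keypair "$work" && seal "$work/pub.pem" "$work/plain.txt" "$work" &&
    unseal "$work/priv.pem" "$work"
```

Only `pub.pem` has to live on the machine that encrypts; the private key can be kept elsewhere, which is the property the reply contrasts with a shared symmetric key embedded in code.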
