[PHP] File encryption under PHP

2010-04-01 Thread Paul M Foster 
Folks:

If I wanted to encrypt a file in PHP and then write it out to disk
(one-way encryption, requiring a password), what PHP built-ins might you
recommend to encrypt the contents of the file before writing it out to
disk?

Paul

-- 
Paul M. Foster

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] File encryption under PHP

2010-04-01 Thread Ashley Sheridan 
On Thu, 2010-04-01 at 15:47 -0400, Paul M Foster wrote:

 Folks:
 
 If I wanted to encrypt a file in PHP and then write it out to disk
 (one-way encryption, requiring a password), what PHP built-ins might you
 recommend to encrypt the contents of the file before writing it out to
 disk?
 
 Paul
 
 -- 
 Paul M. Foster
 


I don't think you want one-way encryption, that would mean you can't
unencrypt it!

What about the usual functions for encrypting strings in PHP? Couldn't
you encrypt the file as a string and output that? Or did you want the
file to request a password when it was opened? What about a
password-protected compressed archive file?

Thanks,
Ash
http://www.ashleysheridan.co.uk

Re: [PHP] File encryption under PHP

2010-04-01 Thread Paul M Foster 
On Thu, Apr 01, 2010 at 08:45:53PM +0100, Ashley Sheridan wrote:

 On Thu, 2010-04-01 at 15:47 -0400, Paul M Foster wrote:
 
 Folks:
 
 If I wanted to encrypt a file in PHP and then write it out to disk
 (one-way encryption, requiring a password), what PHP built-ins might you
 recommend to encrypt the contents of the file before writing it out to
 disk?
 
 Paul
 
 --
 Paul M. Foster
 
 
 
 I don't think you want one-way encryption, that would mean you can't unencrypt
 it!

Then one-way encryption would be something no one would do. I must be
using the wrong term. What I mean is that it needs a password, which is
used to encrypt and decrypt the file.

 
 What about the usual functions for encrypting strings in PHP? Couldn't you
 encrypt the file as a string and output that? Or did you want the file to
 request a password when it was opened? What about a password-protected
 compressed archive file?

Well, when you say, usual functions for encrypting strings in PHP,
what are my options there? And which are the best (most secure) methods?
It looks like mcrypt_*() will do the job, but there are 20-30
algorithms, and I have no idea which are the most secure. Or would
something else be better (than mcrypt_*())?

Paul

-- 
Paul M. Foster

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] File encryption under PHP

2010-04-01 Thread APseudoUtopia 
On Thu, Apr 1, 2010 at 3:47 PM, Paul M Foster pa...@quillandmouse.com wrote:
 Folks:

 If I wanted to encrypt a file in PHP and then write it out to disk
 (one-way encryption, requiring a password), what PHP built-ins might you
 recommend to encrypt the contents of the file before writing it out to
 disk?

 Paul


I use the MCrypt extension to encrypt strings (login hashes in
cookies, other such things). I don't see why you couldn't read the
file into a string and then use mcrypt. You'd have to play with it
though. Like make sure performance doesn't degrade massively for large
files (rather than small strings), as well as making sure everything
is binary-safe.

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] File encryption under PHP

2010-04-01 Thread Ashley Sheridan 
On Thu, 2010-04-01 at 16:04 -0400, Paul M Foster wrote:

 On Thu, Apr 01, 2010 at 08:45:53PM +0100, Ashley Sheridan wrote:
 
  On Thu, 2010-04-01 at 15:47 -0400, Paul M Foster wrote:
  
  Folks:
  
  If I wanted to encrypt a file in PHP and then write it out to disk
  (one-way encryption, requiring a password), what PHP built-ins might you
  recommend to encrypt the contents of the file before writing it out to
  disk?
  
  Paul
  
  --
  Paul M. Foster
  
  
  
  I don't think you want one-way encryption, that would mean you can't 
  unencrypt
  it!
 
 Then one-way encryption would be something no one would do. I must be
 using the wrong term. What I mean is that it needs a password, which is
 used to encrypt and decrypt the file.
 
  
  What about the usual functions for encrypting strings in PHP? Couldn't you
  encrypt the file as a string and output that? Or did you want the file to
  request a password when it was opened? What about a password-protected
  compressed archive file?
 
 Well, when you say, usual functions for encrypting strings in PHP,
 what are my options there? And which are the best (most secure) methods?
 It looks like mcrypt_*() will do the job, but there are 20-30
 algorithms, and I have no idea which are the most secure. Or would
 something else be better (than mcrypt_*())?
 
 Paul
 
 -- 
 Paul M. Foster
 


There's a good reason for one-way encryption. The crypt function in PHP
is one-way, and the use case is to compare an entered password without
the encrypted password ever being unencryptable.

Thanks,
Ash
http://www.ashleysheridan.co.uk

Re: [PHP] File encryption under PHP

2010-04-01 Thread APseudoUtopia 
On Thu, Apr 1, 2010 at 4:05 PM, Ashley Sheridan
a...@ashleysheridan.co.uk wrote:
 On Thu, 2010-04-01 at 16:04 -0400, Paul M Foster wrote:

 On Thu, Apr 01, 2010 at 08:45:53PM +0100, Ashley Sheridan wrote:

  On Thu, 2010-04-01 at 15:47 -0400, Paul M Foster wrote:
 
      Folks:
 
      If I wanted to encrypt a file in PHP and then write it out to disk
      (one-way encryption, requiring a password), what PHP built-ins might 
  you
      recommend to encrypt the contents of the file before writing it out to
      disk?
 
      Paul
 
      --
      Paul M. Foster
 
 
 
  I don't think you want one-way encryption, that would mean you can't 
  unencrypt
  it!

 Then one-way encryption would be something no one would do. I must be
 using the wrong term. What I mean is that it needs a password, which is
 used to encrypt and decrypt the file.

 
  What about the usual functions for encrypting strings in PHP? Couldn't you
  encrypt the file as a string and output that? Or did you want the file to
  request a password when it was opened? What about a password-protected
  compressed archive file?

 Well, when you say, usual functions for encrypting strings in PHP,
 what are my options there? And which are the best (most secure) methods?
 It looks like mcrypt_*() will do the job, but there are 20-30
 algorithms, and I have no idea which are the most secure. Or would
 something else be better (than mcrypt_*())?

 Paul

 --
 Paul M. Foster



 There's a good reason for one-way encryption. The crypt function in PHP
 is one-way, and the use case is to compare an entered password without
 the encrypted password ever being unencryptable.

 Thanks,
 Ash

Technically, one-way encryption is called hashing, as encryption by
definition is two-way.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] File encryption under PHP

2010-04-01 Thread Kevin Kinsey 

Paul M Foster wrote:

Folks:

If I wanted to encrypt a file in PHP and then write it out to disk
(one-way encryption, requiring a password), what PHP built-ins might you
recommend to encrypt the contents of the file before writing it out to
disk?

Paul


Here's a very generic mcrypt example.  IANAE
where security is concerned, but from what I've
read, BLOWFISH should be a fairly decent algorithm
for most applications.  This isn't my work, can't
remember whose ... uses 3DES.

KDK


?php
$plaintext = Four score and seven years ago;
$cipher = MCRYPT_TRIPLEDES;
$mode = MCRYPT_MODE_ECB;
$rand_src = MCRYPT_DEV_RANDOM; //MCRYPT_DEV_RANDOM
$password = 'Extra secret password';

print (Plaintext: $plaintext\n);

// OK, let's encrypt the data
$handle = mcrypt_module_open ($cipher, '', $mode, '');
if (!$handle)
die (Couldn't locate open mcrypt module for '$cipher' algorithm);
$iv_size = mcrypt_enc_get_iv_size ($handle);
$ivector = mcrypt_create_iv ($iv_size, $rand_src);
if (mcrypt_generic_init ($handle, $password, $ivector) == -1)
die (Error: mcrypt_generic_init() failed.);
$ciphertext = mcrypt_generic ($handle, $plaintext);
mcrypt_generic_end ($handle);

echo br Ciphertext:  . bin2hex ($ciphertext) . \n;

// Now let's decrypt it
$handle = mcrypt_module_open ($cipher, '', $mode, '');
if (!$handle) die (Couldn't locate open mcrypt module for '$cipher' 
algorithm);

if (mcrypt_generic_init ($handle, $password, $ivector) == -1)
   die (Error: mcrypt_generic_init() failed.);
$plaintext = mdecrypt_generic ($handle, $ciphertext);
mcrypt_generic_end ($handle);

echo br Plaintext: $plaintext\n);
?

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] File encryption under PHP

2010-04-01 Thread Adam Richardson 

 Then one-way encryption would be something no one would do. I must be using
 the wrong term. What I mean is that it needs a password, which is used to
 encrypt and decrypt the file.


*Symmetric* encryption uses the same key to encrypt and decrypt the text
(what you're talking about, and example algorithms include blowfish, AES.)

*Asymmetric* encryption uses separate keys, allowing anyone to send you an
encrypted message with a public key, but only allowing you to decrypt it
with your private key (https uses this as the initial stage to exchange the
key to be used for the subsequent exchanges of text using symmetric
encryption because symmetric encryption is much faster, and example
algorithm is RSA.)

Adam

-- 
Nephtali:  PHP web framework that functions beautifully
http://nephtaliproject.com