[PHP] How to store encrypted data and how to store the key?

2010-06-23 Thread Michael Shadle
This is somewhat related to the whole PCI/credit card discussion a couple weeks back. The consensus was basically leave it to other people - however, what if YOU are the other person? I wonder if anyone has some BKMs to share about encrypting data in a web application. A lot of people take the

Re: [PHP] How to store encrypted data and how to store the key?

2010-06-23 Thread Peter Lind
On 23 June 2010 09:11, Michael Shadle mike...@gmail.com wrote: This is somewhat related to the whole PCI/credit card discussion a couple weeks back. The consensus was basically leave it to other people - however, what if YOU are the other person? I wonder if anyone has some BKMs to share

Re: [PHP] How to store encrypted data and how to store the key?

2010-06-23 Thread Michael Shadle
On Wed, Jun 23, 2010 at 12:21 AM, Peter Lind peter.e.l...@gmail.com wrote: I haven't had to implement a scheme like this but for an app I'm working on we've been considering the same issues in order to keep member data safe. I would say your best bet is to keep the decryption key in memory

RE: [PHP] How to store encrypted data and how to store the key?

2010-06-23 Thread Tommy Pham
-----Original Message-----
From: Peter Lind [mailto:peter.e.l...@gmail.com]
Sent: Wednesday, June 23, 2010 12:22 AM
To: Michael Shadle
Cc: PHP-General
Subject: Re: [PHP] How to store encrypted data and how to store the key?
On 23 June 2010 09:11, Michael Shadle mike...@gmail.com wrote:

Re: [PHP] How to store encrypted data and how to store the key?

2010-06-23 Thread Michael Shadle
On Wed, Jun 23, 2010 at 12:55 AM, Tommy Pham tommy...@gmail.com wrote: I haven't had to implement a scheme like this but for an app I'm working on we've been considering the same issues in order to keep member data safe. I would say your best bet is to keep the decryption key in memory while

Re: [PHP] How to store encrypted data and how to store the key?

2010-06-23 Thread Peter Lind
On 23 June 2010 10:09, Michael Shadle mike...@gmail.com wrote: On Wed, Jun 23, 2010 at 12:55 AM, Tommy Pham tommy...@gmail.com wrote: I haven't had to implement a scheme like this but for an app I'm working on we've been considering the same issues in order to keep member data safe. I would

Re: [PHP] How to store encrypted data and how to store the key?

2010-06-23 Thread Bastien Koert
On Wed, Jun 23, 2010 at 6:09 AM, Peter Lind peter.e.l...@gmail.com wrote: On 23 June 2010 10:09, Michael Shadle mike...@gmail.com wrote: On Wed, Jun 23, 2010 at 12:55 AM, Tommy Pham tommy...@gmail.com wrote: I haven't had to implement a scheme like this but for an app I'm working on we've

Re: [PHP] How to store encrypted data and how to store the key?

2010-06-23 Thread Michael Shadle
I talked with a friend who actually had this implemented before and banks had signed off on it after reviewing it.
load balancer (irrelevant to the security piece)
web server(s) - only accepts traffic to port 80/443. can only forward requests on to the app server, one direction.
app server(s) -

Re: [PHP] How to store encrypted data and how to store the key?

2010-06-23 Thread Peter Lind
On 23 June 2010 20:55, Michael Shadle mike...@gmail.com wrote: I talked with a friend who actually had this implemented before and banks had signed off on it after reviewing it. load balancer (irrelevant to the security piece) web server(s) - only accepts traffic to port 80/443. can only

Re: [PHP] How to store encrypted data and how to store the key?

2010-06-23 Thread Michael Shadle
On Wed, Jun 23, 2010 at 12:43 PM, Peter Lind peter.e.l...@gmail.com wrote:
I'm just wondering if this is a correct understanding:
1. plaintext data arrives on the web frontend.
or over SSL
2. It's sent to the app server
SSL or non-SSL - your choice
3. It's encrypted and sent to the DB