Encrypted File

Saintless

Good Morning all,

I have a question which hopefully some one can help me with because i am totally lost.

what i need to do is create a text file on my webserver above root.

once it is created i need to encrypt it with RSA or some other type of strong encryption.

Once the file is encrypted i need php to pass the decryption key to the file and decrypt it and then open it up and read the contents of the file.

Does anyone have any idea how to do this? i have searched high and low

Thanks for any help you can provide.

Centos 5
PHP 4
Mysql 4

etully

I use GPG to do this. Create a public key and private key on your home machine. Upload the public key to your web server. You can run GPG commands from your PHP script that encrypt the text file. When you are ready to read the file, transfer the encrypted file to your local machine and use GPG to decrypt and read the text file.

Do not store the private key on your web server.

Yes, it makes things nice and convenient for you if you have the private key on your web server so that you can decrypt the file and include the decrypted contents in a web page. But if you do that, then a hacker would also have access to your private key and you might as well not even have bothered to encrypt it in the first place.

Storing your private key on your web server would be like buying a safe made of 4" steel reinforced with titanium plating... and then hiding the key (or the combination) in your desk drawer. If you're just going to hide the key in your desk drawer, you might as well have just skipped buying the safe and hidden your valuables in your desk drawer.

If you want to be pretend secure, then sure, go ahead, put the private key on the web server. (Put it in a directory called "top-sekret-don't-look-in-here"). But if you want to use encryption the way it was designed to be used, then you can't store the decryption key where you store the encrypted files. If a hacker is able to break into your computer, hiding the decryption key somewhere on your server isn't going to stop her.

Saintless

Etully,

Thank you for your input. The File was to be located above root and only apache would have read access to the file i can see where it would be insecure. However this is on an internal website which again is no excusse for poor security.

I am just trying to find a way to store what would equate to a "Master Key" to decrypt information that is stored within the MYSQL database.

Any other suggestions would be extremely helpful. The key needs to be passed within the php script to decrypt the first layer of security.

etully

I am just trying to find a way to store what would equate to a "Master Key" to decrypt information that is stored within the MYSQL database. Any other suggestions would be extremely helpful.

Saintless. The fact that you are asking for other suggestions tells me that you aren't really understanding the problem.

If you are putting the decryption key on the server to decrypt the files, then you don't need to encrypt the files in the first place. Putting them above root is just as secure (and honestly, no kidding around, that is very secure - secure enough for most purposes).

Think of it this way: If I give a delivery man an encrypted letter... and I give him the decryption key so that they guy at the other end can decrypt the letter... then I really might as well not have encrypted the letter in the first place. (If Wild Bill captures the delivery man, he'll have both the encrypted letter and the decryption key!)

So my suggestion to you is just don't bother encrypting the file. Just put it above root and you will be very secure (seriously).

On the other hand, if you wish to trick your boss into thinking that you have taken the utmost care, then by all means, encrypt it with the strongest military grade encryption possible... and then put the decryption key right there on the same server with the decrypted files.

Please understand, I'm not saying, "Hey Saintless, your system is weak! You need to be ultra-super strong."

See, the only thing worse than having a weak system... is having a weak system when you think it's a strong system. Think of it: Imagine you lock your car in a really bad neighborhood and you trust your new Super-Whamo Security system to sound the alarm if someone steals the radio so you leave the car alone for an hour. But the bad guys know that the Super-Whamo can be defeated with a paperclip and a piece of chewing gum and they steal your radio in 8 seconds flat. If you had known how vulnerable you were, you wouldn't have left your car alone in that neighborhood but since you thought you were secure, you took a risk that you wouldn't have taken if you knew the facts about how vulnerable you really were.

So I'm not saying, "You need to be military-grade secure". I'm saying that the encryption you're adding is actually a bad thing because not only isn't it making you more secure - it's doing the opposite by making you think you're secure when you're not.

MarkR

I agree completely. Writing encrypted files that can be decrypted with a key stored on the box locally is completely pointless.

What are you trying to protect against? Your operating system probably supports encrypted filesystems (or block devices) which would work more transparently to your application (thus be easier to test).

If you're worried about physical theft of the server, have the admin enter the key at boot time (but that stops it from rebooting unattended, obviously).

The only "sensible" way you can do this is encrypt a message using one part of an asymmetric key, where the other part isn't stored locally. This means that someone who steals the server won't be able to decrypt it.

Mark

Saintless

etully,

In all honesty i do unerstand how utterly retarded this is, I understand the insecurities with it. Let me point out one thing though, There are not mulitiple encrypted files there is one encrypted file,

As well it is a requirement that there be a master key, Not my requirment definatly not my requirment.

I am simply trying to find a way to make this work that is not totally insecure.

I totally understand that as soon as some one "Ownz" the box it's all over with. but the same could be said for any front end system that log's into mysql under the DBA has used access groups which honestly not alot do.

File does not have to sit on the same server has the php scripts it can sit 3 server levels down but that is still just as insecure even with firewall's in between.

I really have no option on this there has to be a master key i am simply trying to find a way to implement this.

etully

Saintless wrote:
In all honesty i do unerstand how utterly retarded this is

Good, that actually makes me feel better.

I am simply trying to find a way to make this work that is not totally insecure.

Not going to happen.

I really have no option on this there has to be a master key i am simply trying to find a way to implement this.

Let's try to predict the future. One of the following scenarios is going to happen:

A. Nobody is going to try to break into the box. Everyone is going to pat you on the back for making such a great server. And the next time you build a server, you're going to build it the same way you built it last time and now you have two vulnerable servers out there in the wild just waiting to be compromised.

B. Someone breaks into the server. They now have the secret decoder ring and they ownz you. Everyone at the company looks at you and asks how you could have made such a classic security mistake. You're fired for incompetence and in your new job, you often say, "Want fries with that?"

C. You tell your boss that putting the Master Key on the same server is retarded and silly and that doing so makes you less secure, not more secure. You're boss realizes that you're a genius and gives you a raise and thanks you for helping the company avert certain doom that he almost caused by requiring the Master Key to be on the server.

Telling your boss that this is stupid is the hard thing to do. It's the right thing to do for your company, it's a good habit to get into, and you will sleep better at night knowing that you've done your best to make the systems secure.

Now I am done lecturing you. You may do as you please. Learn how to execute GPG from inside a PHP script. GPG can be used correctly or incorrectly - it's up to you.