Hi

In my PHP script I build up and output an xml file which contains information retrieved from my database. What I need now is to encrypt the xml file data prior to the XML file being output to the screen for saving. This file will need to be decrypted at a later date.

Can anyone point me in the right direction of what would be the best approach to achieving this?

Many Thanks

    I use GPG for that task.

    Create a Public/Private key pair. Put the public key only on your web server's GPG keyring.

    You can call GPG from PHP, you pass it the XML, and it responds with ciphertext encrypted with the public key you gave it. Once you have the ciphertext back from GPG, you can do anything you want with it (archive it, email it over insecure channels, etc).

      hi.

      MCrypt would be my choice.

      The code block ciphers, CBC, in MCrypt are extremely fast ( ~25 MByte/s ) on my machine.
      Use CAST-128 or Blowfish.
      Meaning it can encrypt/decrypt a 100 kByte file in 0.004 seconds.
      [man]mcrypt[/man]

      GnuPG, GNU Privacy Guard, is, from what I can see, an external software program you install.
      http://en.wikipedia.org/wiki/GNU_Privacy_Guard
      It is also available for Windows XP/Vista.
      http://www.gpg4win.org/

      I prefer not to make my PHP dependent on external programs,
      so I avoid writing PHP code that needs such programs,
      like mysql.exe / mysql.bin for example.

      What happens when such an external program is not active or is not working???
      ... my PHP scripts will stall ... they will write messages like:
      FATAL ERROR: Unable to connect to mysql database.
      Which is not too uncommon.
      I have seen such messages many times at websites.

      Regards

        In general, I agree with you completely, never rely on an external program when PHP can do the same thing natively.

        However, GPG uses PKI which makes it do things that mcrypt can't. If you need PKI, then you need PKI, end of story. You use GPG.

        As for the availability of an external program, when a client is paying me multiple thousands of dollars to write a security system so that he can get his XML encrypted and delivered, I know that GPG will be available for the following three reasons: (1) It's on every Linux machine known to man, (2) I can install it manually if it's absent, (3) if I can't install it manually, we move to a different web hosting company because the client asked for PKI and so GPG is a requirement for the project at hand.

        mcrypt is great for what it is. And if that's what you need, then I would definitely agree - I suggest using mcrypt over GPG. But if you need PKI, then you make some compromises in your life and you rely on an external program.
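
The GPG approach from the replies above, as an added example that is not code from any poster in this thread: the XML is piped to gpg on stdin, and the script fails closed if gpg is missing or returns an error, which is the availability concern raised earlier. It assumes PHP 7.4 or later and gpg on the PATH; the recipient address, keyring path and download file name are placeholders.

```php
<?php
declare(strict_types=1);

// Added example. $recipient and $homedir are assumptions: the key's
// fingerprint or e-mail, and a keyring directory holding only the public key.
function gpgEncryptXml(string $xml, string $recipient, string $homedir): string
{
    // Array form of proc_open (PHP >= 7.4) starts gpg without a shell.
    $cmd = [
        'gpg', '--batch', '--no-tty',
        '--homedir', $homedir,
        '--trust-model', 'always', // key was imported by hand, skip the trust prompt
        '--armor', '--encrypt', '--recipient', $recipient,
    ];
    // Ciphertext and diagnostics go to temp files so a large document cannot
    // deadlock on full pipes; the plaintext itself only travels over stdin.
    $out = tempnam(sys_get_temp_dir(), 'gpgout');
    $err = tempnam(sys_get_temp_dir(), 'gpgerr');
    try {
        $proc = proc_open($cmd, [0 => ['pipe', 'r'], 1 => ['file', $out, 'w'], 2 => ['file', $err, 'w']], $pipes);
        if (!is_resource($proc)) {
            throw new RuntimeException('gpg could not be started');
        }
        fwrite($pipes[0], $xml);
        fclose($pipes[0]);
        $status = proc_close($proc);
        $cipher = (string) file_get_contents($out);
        // Fail closed: never fall back to returning the plaintext.
        if ($status !== 0 || strpos($cipher, '-----BEGIN PGP MESSAGE-----') !== 0) {
            throw new RuntimeException('gpg failed: ' . trim((string) file_get_contents($err)));
        }
        return $cipher;
    } finally {
        @unlink($out);
        @unlink($err);
    }
}

// Constructed sample document standing in for the database export.
$xml = '<?xml version="1.0"?><orders><order id="1"><total>19.99</total></order></orders>';
try {
    $cipher = gpgEncryptXml($xml, 'recipient@example.org', '/var/www/.gnupg-pubonly');
    header('Content-Type: application/pgp-encrypted');
    header('Content-Disposition: attachment; filename="export.xml.asc"');
    echo $cipher;
} catch (RuntimeException $e) {
    error_log($e->getMessage());
    http_response_code(500);
}
```

Because only the public key is on the server, the saved file can be decrypted later only on the machine that holds the private key.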

          Thank you for all your posts, I think I will look further into the mcrypt method.
