Jump to content

Adding encryption to a website.

DarkHavn

By DarkHavn
in PHP Coding Help

 Share

Recommended Posts

DarkHavn Member

DarkHavn

Posted
Posted
Was just wondering your regards and feedback on this one.

Things like ssl on a webpage, 128bit encryption on websites that handle sensitive data like credit card numbers and such.

Do you guys prefer, or recomend anything?

Should i rely on php for this, or something else?

Just thought i would get some feedback on this before i go ahead with anything.

Cheers
Link to comment
https://forums.phpfreaks.com/topic/21468-adding-encryption-to-a-website/
Share on other sites
DarkHavn Member

DarkHavn

Posted
  • Author
Posted
Lol, sorry should of been more descriptive of what i was meaning, Yeah ssl is apart of the server that is running apache or depending on your flavour.

Guess what i was truley meaning is, is there any means or methods you guys recomend of encryption via php if that is possible at all?
tomfmason Advanced Member

tomfmason

Posted
Posted
I am suprised that this has not be posted before. Normaly when it comes to a question in reguards to security, of any kind, there are a thousand posts.

There are a couple ways of encrypting the sensitive data. here is an example function that would encrypt the data before passing it to a database.

[code]
<?php
$cc_number = "0000000000000000";

function encryptData($data) {
      $iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB);
      $iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
      $key = "your_key";

      $crypttext = mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $key, $data, MCRYPT_MODE_ECB, $iv);
      return $crypttext;
}

$encypted_cc = encryptData($cc_number);

// now you can pass the encrypted data to the db


// and here is a function for decrypting the data.

fuction decryptData($data) {
       $iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB);
       $iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
       $key = "your_key";
       $decrypted_data = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, $data, MCRYPT_MODE_ECB, $iv);
       return $decrypted_data;
}

//here is a simple sql call to get the encrypted cc number
$sql = mysql_query("SELECT * FROM `your_table` WHERE `something` = '$something'");

while ($rw = mysql_fetch_assoc($sql)) {
     $cc_number = decyptData($rw['cc_number']);
}
?>
[/code]

Now as far as the key goes. I randomly generate a key and then on a couple of random days each month I decrypt all of the encrypted data in the db and then encypt it again with a new random key. I then store the key in another function.

This may be over kill but what the hell, I am responsible for that data. So I will try my best to secure it to the best of my ability.

I hope that this helps.

If anyone has any suggestions on a better way to encrypt the data or a fault in my script, please feel free to reply.

Thanks,
Tom
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.