Blowfish Encryption

[Stooney]

I've been looking all day but can't seem to find any decent resource on utilizing Blowfish 448 bit encryption with PHP. 

 

I currently have Blowfish 64 bit encryption working, but would like the 448bit which means I need to find a PHP supported script/algorithm/?? that supports a 56 character key.  I cannot find anything.  Is this something that I won't find possible with PHP?  I know there's plenty of software you could just install on the server and make system() calls to, but let's assume I cannot modify my server.  Mcrypt (with blowfish) is enabled.

[xylex]

I think you're mixing up your encryption block size with your key length.  Blowfish is a 64-bit block encryption method.  Blowfish 448 just means you're using Blowfish with a 56 character key (448/8 = 56).

 

Related and equally confusing is that "AES 256" is Rijndael encyrption with a 128 bit block size with a 256 bit key, whereas "Rijndael 256" can refer to a 256 bit block size and doesn't say anything about the key length.

[Stooney]

Thank You xylex.  I went over everything and it was in fact just a matter of giving it a bigger key.  Everything is working great. 

 

I have a security related question though:

Long story short, users upload files which are encrypted immediately then stored.  Upon download, they are decrypted then sent off.  This is all done over SSL.  As of right now I'm storing the 56 char key in the config.php with all the other various site variables.  Is there something more I should be doing to secure the key?  Users do not have access to these variables, they are only used server side by the scripts, without any output possibilities.