I have very little knowledge in encryption, so maybe this is a simple question.
I know some encryption has 2 keys (public & private), just like SSL does.
So I wanted to know: does this mean you can encrypt with the public key, but to decrypt you need the private key?
If so, is it possible to do the same with a PHP script?
I would like to be able to encrypt a file with a password, and nowhere on the server is the password to decrypt the file.
Is it possible?
Thank you
#1
Posted 07 October 2011 - 06:00 AM
#2
Posted 07 October 2011 - 06:44 AM
Yes, what you are talking about is asynchronous cryptography. There are several asynchronous crypto algorithms out there (RSA, AES, Elliptic Curve), but what they all share is what you described: any message encrypted with one key must be decrypted with the other key. So yes, if you wished to encrypt a file and store the decryption password on some external media, that is completely doable.
If your PHP server has the OpenSSL extension installed, check out the functions it has to offer:
PHP: OpenSSL - Manual
Hofstadter's Law: It always takes longer than you expect, even when you take into account Hofstadter's Law.
– Douglas Hofstadter, Gödel, Escher, Bach: An Eternal Golden Braid
#3
Posted 07 October 2011 - 07:12 AM
Hello,
Thx for the answer.
I'm looking in the documentation of OpenSSL, but there are a lot of functions that aren't documented, and I'm not too sure where to start.
Do you have any cue to get me started?
Thx
#4
Posted 07 October 2011 - 07:43 AM
The PHP.NET website has tons of documentation and examples, so you should be able to learn everything you need to know from there, but I'll point you in the right direction to get you started.
The first thing you need to do is generate a new public/private key pair. See this page for details:
PHP: openssl_pkey_new - Manual
If you look at the examples beneath the documentation on that page, you'll see what you need to do next. Once you have your key pair, you need to generate a CSR (certificate signing request). At this point, you can either send this CSR off to a CA (certificate authority) for signing (which costs money usually, and is only really necessary if you want encrypted traffic between you and some arbitrary number of users), or, you can sign it yourself (if you are only needing to encrypt messages for yourself or a select group of friends). There are functions in PHP's OpenSSL extension for self-signing a certificate. Once you have either a CA- or self-signed certificate, you need to store this somewhere safe where your PHP script can have access to it for verifying authenticity of messages/signatures.
Try following the examples on the various documentation pages of the OpenSSL functions. They're an excellent resource for learning how to use them.
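An added example (not part of the original posts and not code from the PHP manual) of what the thread describes: the server encrypts a file using only a public key, and decryption needs a private key kept elsewhere. It assumes PHP 7.1+ with the OpenSSL extension; the function names, the blob layout and the sample contents are made up for illustration, and it uses a bare RSA key pair with AES-256-GCM for the file body, with no certificate involved.

```php
<?php
// Added example: hybrid public-key file encryption with PHP's OpenSSL extension.
// The web server only ever holds the PUBLIC key; the private key stays offline.

// Encrypt $plaintext so that only the holder of the private key can read it.
function encrypt_for_owner(string $plaintext, string $publicKeyPem): string
{
    $key = random_bytes(32);   // one-time AES-256 key for this file
    $iv  = random_bytes(12);   // 96-bit nonce for GCM
    $ct  = openssl_encrypt($plaintext, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $iv, $tag);
    if ($ct === false) {
        throw new RuntimeException('AES-GCM encryption failed');
    }
    // Wrap the AES key with RSA-OAEP; only the private key can unwrap it.
    if (!openssl_public_encrypt($key, $wrapped, $publicKeyPem, OPENSSL_PKCS1_OAEP_PADDING)) {
        throw new RuntimeException('RSA key wrapping failed');
    }
    // Layout (assumed for this example): 2-byte key length | wrapped key | iv | tag | ciphertext
    return pack('n', strlen($wrapped)) . $wrapped . $iv . $tag . $ct;
}

// Runs on the machine holding the private key, never on the server.
function decrypt_as_owner(string $blob, string $privateKeyPem): string
{
    $len     = unpack('n', substr($blob, 0, 2))[1];
    $wrapped = substr($blob, 2, $len);
    $iv      = substr($blob, 2 + $len, 12);
    $tag     = substr($blob, 14 + $len, 16);
    $ct      = substr($blob, 30 + $len);
    if (!openssl_private_decrypt($wrapped, $key, $privateKeyPem, OPENSSL_PKCS1_OAEP_PADDING)) {
        throw new RuntimeException('RSA key unwrapping failed');
    }
    $pt = openssl_decrypt($ct, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $iv, $tag);
    if ($pt === false) {
        throw new RuntimeException('Ciphertext was modified or the key is wrong');
    }
    return $pt;
}

// Demo: in practice generate the pair offline and upload only the public PEM.
$pair = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
openssl_pkey_export($pair, $privatePem);               // keep off the server
$publicPem = openssl_pkey_get_details($pair)['key'];   // safe to deploy

$blob = encrypt_for_owner("constructed sample file contents\n", $publicPem);
echo decrypt_as_owner($blob, $privatePem);
```

The GCM tag detects modification of a stored blob, but anyone holding the public key can produce a new valid blob, so this gives confidentiality of stored files, not proof of who wrote them.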
#5
Posted 11 October 2011 - 11:36 PM
greg said:
Yes, what you are talking about is asynchronous cryptography
Quote
So I wanted to know does this mean, you can encrypt with the public key, but to decrypt you need the private key?
Generally you would have the public key public (for decryption) and private key private (for encryption, the most important part)
Quote
I would like to be able to encrypt a file with a password, and nowhere on the server is the password to decrypt the file.
Is it possible?
If you require a function to prevent a user with a decryption key from encrypting (so that an attacker cannot introduce a virus into your encrypted file store, only decrypt your files), then this can be useful. If you require a whole secure transport layer with authentication of the server's identity via an assured third party (certificate signing), message digest and authentication, including encryption, then TLS (the better of SSL) can be an option; however, it does not seem applicable for what you wish to do.
Quote
If so, is it possible to do the same with a php script?
Further, rather than SSL you may wish to look at PGP (GPG (GnuPG) is a free implementation); it is a public key cryptographic system which is often used for simple file or message encryption where client decryption-only constraints are important.
Feel free to ask about anything further regarding cryptography,
Alexander.
Be sure to read the updated FAQ! || Health is achieved through the same 10,000 steps.
If a suggested code/method fails, informing us is less important than telling us why or what errors occurred.
#6
Posted 12 October 2011 - 05:44 AM
Alexander said:
It is called asymmetric cryptography rather (separate corresponding parts to make a whole.)
Thanks for correcting me. Words that sound the same were never my strong suit. :)