Encrypting query string text
I have a concatenated string and I want to pass it as query string. For security, I want to encrypt the concatenated string using gpg private key th开发者_StackOverflow社区at resides in the same folder where this .php file resides on the remote server.
I want to know whether it is safe to keep the public and private keys on the remote server and use it for encryption and decryption.
First question: Why? - If you're transferring data on the same server use PHP sessions or store it in a database. IF you want to transport data from one server to another server use another communication channel between these too, like a HTTP request POSTing the data.
IF you still want to do it: I won't use GPG for this as this produces quite some CPU load and increases the size of the message dramatically, assuminf your data is relatively short. It's better to use blowfisch or similar algorithms, see PHP's crypt function for instance.
About the security: It is more or less as secure as the whole server is but you should make sure your private key is hidden outside the document root of the web server. And read rights should be limited to the web server user ...
Try these PHP functions convert_uuencode and convert_uudecode
function encrypt_decrypt ($data, $encrypt) {
if ($encrypt == true) {
$output = base64_encode (convert_uuencode ($data));
} else {
$output = convert_uudecode (base64_decode ($data));
}
return $output;
}
$enc_txt = encrypt_decrypt ("QUERY TEXT", true);
echo $enc_txt."\n";
// KjQ1NSU0RURANSQ1ODVgYGAKYAo=
echo encrypt_decrypt ($enc_txt, false);
// QUERY TEXT
精彩评论