From: Paul M Foster on
Folks:

If I wanted to encrypt a file in PHP and then write it out to disk
(one-way encryption, requiring a password), what PHP built-ins might you
recommend to encrypt the contents of the file before writing it out to
disk?

Paul

--
Paul M. Foster

From: Ashley Sheridan on
On Thu, 2010-04-01 at 15:47 -0400, Paul M Foster wrote:

> Folks:
>
> If I wanted to encrypt a file in PHP and then write it out to disk
> (one-way encryption, requiring a password), what PHP built-ins might you
> recommend to encrypt the contents of the file before writing it out to
> disk?
>
> Paul
>
> --
> Paul M. Foster
>


I don't think you want one-way encryption, that would mean you can't
unencrypt it!

What about the usual functions for encrypting strings in PHP? Couldn't
you encrypt the file as a string and output that? Or did you want the
file to request a password when it was opened? What about a
password-protected compressed archive file?

Thanks,
Ash
http://www.ashleysheridan.co.uk


From: Paul M Foster on
On Thu, Apr 01, 2010 at 08:45:53PM +0100, Ashley Sheridan wrote:

> On Thu, 2010-04-01 at 15:47 -0400, Paul M Foster wrote:
>
> Folks:
>
> If I wanted to encrypt a file in PHP and then write it out to disk
> (one-way encryption, requiring a password), what PHP built-ins might you
> recommend to encrypt the contents of the file before writing it out to
> disk?
>
> Paul
>
> --
> Paul M. Foster
>
>
>
> I don't think you want one-way encryption, that would mean you can't unencrypt
> it!

Then "one-way encryption" would be something no one would do. I must be
using the wrong term. What I mean is that it needs a password, which is
used to encrypt and decrypt the file.

>
> What about the usual functions for encrypting strings in PHP? Couldn't you
> encrypt the file as a string and output that? Or did you want the file to
> request a password when it was opened? What about a password-protected
> compressed archive file?

Well, when you say, "usual functions for encrypting strings in PHP",
what are my options there? And which are the best (most secure) methods?
It looks like mcrypt_*() will do the job, but there are 20-30
algorithms, and I have no idea which are the most secure. Or would
something else be better (than mcrypt_*())?

Paul

--
Paul M. Foster

From: APseudoUtopia on
On Thu, Apr 1, 2010 at 3:47 PM, Paul M Foster <paulf(a)quillandmouse.com> wrote:
> Folks:
>
> If I wanted to encrypt a file in PHP and then write it out to disk
> (one-way encryption, requiring a password), what PHP built-ins might you
> recommend to encrypt the contents of the file before writing it out to
> disk?
>
> Paul
>

I use the MCrypt extension to encrypt strings (login hashes in
cookies, other such things). I don't see why you couldn't read the
file into a string and then use mcrypt. You'd have to play with it
though. Like make sure performance doesn't degrade massively for large
files (rather than small strings), as well as making sure everything
is binary-safe.
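
As an added example, not part of any post in this thread: one way to encrypt and decrypt a file with a password using PHP built-ins, reading the file into a string as described above. It uses the OpenSSL extension (AES-256-GCM) with a PBKDF2-derived key instead of mcrypt, which was removed from PHP core in 7.2; the function names, the on-disk layout and the iteration count are assumptions, and it needs PHP 7.1 or later.

```php
<?php
// Added example, not from the thread. Names, layout and iteration count are assumptions.
const SALT_LEN = 16;
const IV_LEN = 12;               // nonce length recommended for GCM
const TAG_LEN = 16;
const KDF_ITERATIONS = 600000;   // assumed work factor; tune for your hardware

function derive_key(string $password, string $salt): string
{
    return hash_pbkdf2('sha256', $password, $salt, KDF_ITERATIONS, 32, true); // raw 32-byte key
}

function encrypt_file(string $src, string $dst, string $password): void
{
    $plain = file_get_contents($src);
    if ($plain === false) {
        throw new RuntimeException("cannot read $src");
    }
    $salt = random_bytes(SALT_LEN);   // fresh salt and nonce for every file
    $iv = random_bytes(IV_LEN);
    // The salt is passed as associated data so the tag covers it too
    $ct = openssl_encrypt($plain, 'aes-256-gcm', derive_key($password, $salt),
        OPENSSL_RAW_DATA, $iv, $tag, $salt, TAG_LEN);
    // On-disk layout (raw bytes): salt | nonce | tag | ciphertext
    if ($ct === false || file_put_contents($dst, $salt . $iv . $tag . $ct) === false) {
        throw new RuntimeException("cannot encrypt to $dst");
    }
}

function decrypt_file(string $src, string $password): string
{
    $blob = file_get_contents($src);
    if ($blob === false || strlen($blob) < SALT_LEN + IV_LEN + TAG_LEN) {
        throw new RuntimeException('missing or truncated file');
    }
    $salt = substr($blob, 0, SALT_LEN);
    $iv = substr($blob, SALT_LEN, IV_LEN);
    $tag = substr($blob, SALT_LEN + IV_LEN, TAG_LEN);
    $ct = (string) substr($blob, SALT_LEN + IV_LEN + TAG_LEN);
    $plain = openssl_decrypt($ct, 'aes-256-gcm', derive_key($password, $salt),
        OPENSSL_RAW_DATA, $iv, $tag, $salt);
    if ($plain === false) {   // tag mismatch: wrong password or modified file
        throw new RuntimeException('wrong password or file was modified');
    }
    return $plain;
}
```

Both functions hold the whole file in memory, so very large files need a chunked design instead.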

From: Ashley Sheridan on
On Thu, 2010-04-01 at 16:04 -0400, Paul M Foster wrote:

> On Thu, Apr 01, 2010 at 08:45:53PM +0100, Ashley Sheridan wrote:
>
> > On Thu, 2010-04-01 at 15:47 -0400, Paul M Foster wrote:
> >
> > Folks:
> >
> > If I wanted to encrypt a file in PHP and then write it out to disk
> > (one-way encryption, requiring a password), what PHP built-ins might you
> > recommend to encrypt the contents of the file before writing it out to
> > disk?
> >
> > Paul
> >
> > --
> > Paul M. Foster
> >
> >
> >
> > I don't think you want one-way encryption, that would mean you can't unencrypt
> > it!
>
> Then "one-way encryption" would be something no one would do. I must be
> using the wrong term. What I mean is that it needs a password, which is
> used to encrypt and decrypt the file.
>
> >
> > What about the usual functions for encrypting strings in PHP? Couldn't you
> > encrypt the file as a string and output that? Or did you want the file to
> > request a password when it was opened? What about a password-protected
> > compressed archive file?
>
> Well, when you say, "usual functions for encrypting strings in PHP",
> what are my options there? And which are the best (most secure) methods?
> It looks like mcrypt_*() will do the job, but there are 20-30
> algorithms, and I have no idea which are the most secure. Or would
> something else be better (than mcrypt_*())?
>
> Paul
>
> --
> Paul M. Foster
>


There's a good reason for one-way encryption. The crypt function in PHP
is one-way, and the use case is to compare an entered password without
the encrypted password ever being unencryptable.

Thanks,
Ash
http://www.ashleysheridan.co.uk