Archive for the ‘Security’ Category
By nature I always strive to find more efficient, and better ways to perform tasks. There are a number of development tools that I use that really help me develop better applications in a reduced amount of time. These are the tools I use every day for web development.
Click to continue…
Sometime it’s needed to use 2 way encryption for storing data. I’ve been using an AES encryption class for a little over a year now, and it is an excellent way to use FIPS Compliant AES encryption in php. The script comes in a free version (ECB mode only) and a paid version for only $10.
This is a completely standalone class that does not require the mcrypt library, and has php4 and php5 support. Encryption is available in 128, 192, and 256 bit, depending on the cipher length.
Using it is easy as this:
include("AES.class.php"); $my_256_key = 'MpDsw*8cQM&fez*7eBoZB^W*kP652NoW'; $initialization_vector = 'WmR&z28zWn8r*9$R'; $aes = new AES($my_256_key, "CBC", $initialization_vector); $string_to_encrypt = 'SOME STRING OF TEXT, OR EVEN AN ENTIRE FILE'; $encrypted_string = $aes->encrypt($string_to_encrypt); $original_string = $aes->decrypt($encrypted_string);
The cipher modes that are supported are: Electronic Codebook (ECB), Cipher Block Chaining (CBC), Cipher Feedback (CFB), and Output Feedback (OFB). —Block Cipher Modes »
If you are needing to integrate real encryption into a script, I highly recommend this class. It’s strong enough for storing sensitive data like credit cards (key management is another topic), and has an extremely easy interface.
Keep in mind that encryption is only as secure as the key and the key management that is used. Unlike using hash functions (Md5, SHA1), encryption can be reversed, and will considerably slow down a php script, especially so for encrypting large amounts of data.
I would recommend base 64 encoding an encrypted string and then storing in a text or blob type field. Output from AES encryption will likely be corrupted by a database’s character encoding if you do not.