如何在数据库或服务器（php）中存储私钥

Question

I have a web application that uses private and public keys to encrypte my fillable form.

I'm using OPENSSL and PHP. My question is that how can i store private keys for each user in database or server? I dont know which one is more safely. Additionaly, my encyrption code ;

//create new private and public key

$new_key_pair = openssl_pkey_new(array(

    "private_key_bits" => 2048,

    "private_key_type" => OPENSSL_KEYTYPE_RSA,

));

openssl_pkey_export($new_key_pair, $private_key_pem);

$details = openssl_pkey_get_details($new_key_pair);

$public_key_pem = $details['key'];

//create signature

//openssl_sign($data, $signature, $private_key_pem, OPENSSL_ALGO_SHA256);

//save for later

file_put_contents('private_key.pem', $private_key_pem);

file_put_contents('public_key.pem', $public_key_pem);
//file_put_contents('signature.dat', $signature);

//verify signature
//$r = openssl_verify($data, $signature, $public_key_pem, "sha256WithRSAEncryption");
//var_dump($r);


echo $private_key_pem;

echo "\r\n";

echo $public_key_pem;

echo "\r\n";

echo $data;

echo "\r\n";

How can i prevent my private and public keys ? It shows on the screen

Answer 1

The public key need no security, so you can save as clear text in the database.

with the private key you have different solution based on level of security and kinds of attacks you want to avoid.

1 save the pk as clear text in the db. Never write php code that echo the pk

2 save the pk in p12 format protect it with a password. You can prompt the password to the user every time you need

3 generete, store and use the pk using a HSM http://en.m.wikipedia.org/wiki/Hardware_security_module

i suggest solution 2.