堆栈内存溢出
  简体   繁体   English

PHP如何转义用于插入数据库的pgp公钥

[英]PHP how to escape pgp public key for inserting into database

 原文  2014-10-02 18:18:16       php/ mysql/ escaping/ pgp

问题描述

EDIT: 编辑:

For anyone wondering how I achieved it in the end, I realized I should stop being an idiot and instead I now take the user input and import it into the keychain. 对于任何想知道我最终如何实现的人,我意识到我不应该成为一个白痴,而是现在我接受用户输入并将其导入到钥匙串中。 From the import it pulls the fingerprint which is used for signing in future. 从导入中提取用于将来签名的指纹。

SEE: http://php.net/manual/en/ref.gnupg.php 查看: http : //php.net/manual/en/ref.gnupg.php

If its not working for you, make sure php/nginx/apache have permissions to the folder where your keys are stored. 如果对您不起作用,请确保php / nginx / apache具有存储密钥的文件夹的权限。 (/home/you/.gnupg) (/home/you/.gnupg)

On our website we are accepting PGP public keys in order to encrypt emails to the user, up until now we hadn't bothered with escaping as its still in closed beta. 在我们的网站上,我们接受PGP公钥以加密发送给用户的电子邮件,到目前为止,由于它仍处于内测阶段,因此我们一直不厌其烦地进行转义。

Obviously as we are inserting it into a database we don't want to leave any vulnerabilities open, but how can I escape it while maintaining the integrity of the key? 显然,当我们将其插入数据库时​​,我们不想让任何漏洞处于打开状态,但是如何在保持密钥完整性的情况下转义它?

Example public key: 公用密钥示例: 

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v2.0.22 (MingW32)

mQGNBFQPofkBDAC7+1uvxtEwEzaRk9Ef+z7Ja74BxjpiSPZH9yC7Xdhp1l9RjhHz
fhOOcY+WphLijudEFFUkKpoK3/Q8DH7qfP3wnlKDxZbZMkpVyDS8ZQo05rqAI8wy
Ra8dmPQOKYirfHXoTccRh2AUfeIYH+6Cm8j8PRFbCXWO8ibyysawFvudyuY1GRmn
8/q2a9NTLmFOjRY4R4W3ly8Ix2JRQcBDfmJYlUO8q0aMb8mRtyNWqT72sr9SmFIX
3QE3XtCYygPMG0/xn2rEA/7MH7n28M0rTcj3nECwv978RFossmxt4MsqCuqxQzNL
LYn8ckL9EIcsvL0tFNQeFUfP+pwB1PV2TbsrTuYECtRXH2uGQOITRoPnvdD1cW7W
YsyQ2ws+D9YlKQ4SFtfMHPo/6BrPt8BLcuo8kjlqSPH+KCrOxfC6WTCfdGY2JcMF
+LVjrtrCVhZOq+E7p0wv/DI8D4NP4jDb7t0JOOWbQXjYH8cUcKPcI5wgdkoeL4BH
hOI4rEX+1/morIMAEQEAAbQwV2lsbGlhbSBEdW5uZSAoTWltZXggRlMgTFREKSA8
d2lsbGlhbUBtaW1leC5uZXQ+iQG5BBMBAgAjBQJUD6H5AhsDBwsJCAcDAgEGFQgC
CQoLBBYCAwECHgECF4AACgkQXGTM66ZI00+QOQv9GgAppfDTgutFflMqewIdgLga
+aE+8EFRA8IEtwy1Cu9vKjKGjA05uUk0uJJR3LGkrPAKbHI6uISPR6DbpwrFxf8R
/JNPOGwMgSDN83RY+0n5sbYZOEu7Npkw2g5zyBj66weeiCk2ozm3UdKPj6u+AP8Q
iz5cnzu3AbJH5l5kcfkkdZSNIjdXdjff7I3NUXC91/CXjo4DYBUdHyD5v0JRBSoq
ZS8BzXw0TBWXSMiB4iD2m1nXgFWt6i95Yho/QB1Gy1dOWL6u8MvSvMDrA1JKJtZT
T7cCAGYmS4Rpz7PKFH0mntNEm5fW6yUMnfT+PqB7fhdJh2mLscCHnu6Z5pUhQJRw
lGrzWnLMFdWqozgiNU0bKu942pLWN8fSF4HUEEld+krpl6NUJNDtCjBW72ssXl4j
Av9Y9VfDhKBKTyeq3gJZEJ0WIS6Wkxu/CqnCUTiXMsy+yxEvlINM3F34isowCiFy
FL1x3xFnKNhYLoaqKuhy06WTE0KrruCpUxvw+rwVuQGNBFQPofkBDACeldHZBjjH
vfKi1xYIsr7JZ/AUfIU55QAJyVV0eVmI8BkGjfQtxSYsjMUx9ioieN3H9ILjhuya
slgLk7OKDVfpg8U0S2qmJCsM1oU7EWVJr2h3lMw0wwmGcgkMvfIkNvZxsylSak1o
60aiFEomrnQx+grb8L12MIUbsSpTmcGM/3B+V8/xxmBtprhl3Re+sRc2HAKNXpZY
Tzx+IfUMckEov9T9ZJzx1Fh9SoUwNqCDoV8PCJSzhqQ4GMdP7Xy9fGz1a+NMdJW0
seuupIt8MxO9Mj1Sek0Pxqg2EIepULz5u/h+l8yttOvVF6OZZJjEQOjlsMFQ2FJb
BLNdYXRVeVcPWu/5tHX3zj4/4Kz6dSxWM3xMjIOD1xSdwrKZeP/wGyE8VVRST7pq
IJjKnGfT7tTv9sg6cxDyygGnbys720AOrXNT9GXsSQckALKCU1wBIUn5jLPU1ldp
VsWkkzzacOBHdWB8CJ6MArmEgdQ5s/fpinXkRSkRDuC7SvQx2yvy9QsAEQEAAYkB
nwQYAQIACQUCVA+h+QIbDAAKCRBcZMzrpkjTT/nqC/93Hy0qcElo3+urbqKxzlf/
e/28uOWTgGmX5bba5bpZAdh/0o5yHSB+yaVeSKUdUPgT18ft9Vlwmy8GPLgapyb6
3h6+7hOIrPd9BApI2aNAM+QmB98o47s0pUujJ8CPAVYKXaIuLMFuAUhT2kmL4C8C
JeyS7Z5+MzT3BHR+hJBQE+5nKsEVbd6pysk5Bz6rPFi17cjmDnB/tc84beAlL7jb
mAEEIdNr93xERYZC0eln72oEIwvJaG/45oxeJu9egDqeGJZ0r77AnmGe8AUcw2Wa
AXiHSV49OVFoPuC+iCXr4Ff/pNmS4UACoobqITdN+OZobaCmLPIivnGaWBci4NEU
AfWJ/GnqIeRCCHQ7Z3A+BmkiHy87g17dYkN9kRyyGFLrAGa/UJahXQN/IyiQcjGT
C/o9CCB5A9eZ8XYwTryiNPWfc6vL8UUs/ROVpBGK8WDmgnQblyQ21e6sdsN/LXs8
Z/rBQvdw18Dh8Ig//LeFINmpDtHX7EIg3k/Qdph7pHE=
=mi2n
-----END PGP PUBLIC KEY BLOCK-----

1 个解决方案

解决方案1
 0  2014-10-02 18:36:36

If you parameterize, then you don't have to worry about escaping at all. 如果您进行参数设置,则根本不必担心转义。 

$pgp = file_get_contents('mykey.pgp');

$dbh = new PDO($connstr,$username,$password);

if( ! $stmt = $dbh->prepare('INSERT INTO mytable (pgpkey) VALUES (?)') ) {
    die($dbh->errorInfo());
}
if( ! $stmt->execute(array($pgp)) ) {
    die($stmt->errorInfo();
}
echo 'great success.'

That said, there are no single quotes contained in the key, so you shouldn't have to worry about escaping it, so long as you've validated the input . 就是说,键中不包含任何引号,因此, 只要您已验证输入内容, 不必担心转义。 As @mike-brant put it in the comments: 正如@ mike-brant在评论中指出的那样:

Have you considered actually validating the PGP cert that is provided? 您是否考虑过实际验证所提供的PGP证书? By doing this, you not only ensure that you have a safe string for insertion, but also a valid key. 这样,您不仅可以确保要插入的字符串安全,而且还可以使用有效的密钥。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 如何使用 gnupg 在 PHP 中导入 pgp 私钥? - How to import pgp private key in PHP with gnupg? 检查GPG / PGP公钥是否有效 - Check if GPG/PGP public key is valid PHP / mySQL-在插入数据库之前如何安全地编码/解码/转义/任何需要的字符串 - PHP/mySQL - how to encode/decode/escape/whatever needed strings safely before inserting on database 转义字符串/在php脚本中插入 - Escape strings/ inserting in php script 如何使用 php cli 解密 .pgp 文件 - How to decrypt a .pgp file using php cli 使用php将文档批量插入到ouchbase数据库中-如何? - Bulk inserting documents into couchbase database with php - how to? 如何在php或mysql中搜索公共数据库 - How to search a public database in php or mysql php在csv输出文件中插入转义字符 - Php inserting escape characters in the csv output file 如何通过私钥进行签名并在php中通过公钥进行检查 - how make signature by private key and check it by public key in php PHP记录未插入数据库 - PHP record not inserting to database
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM