在 PHP 中加密大量数据

Question

I develop a software which have to crypt data before to send it to another instance of the same soft (which have to decrypt it of course). I first use openssl_public_encrypt / openssl_private_decrypt, like that

foreach(str_split($sData, MAXSIZE) as $sChunk)
{
    if( ! @openssl_public_encrypt($sChunk, $crypted, $sPublicKey)) throw new Exception('openssl_public_encrypt');
    $aCrypted[] = $crypted;
}

and

$sResult = '';
foreach($aCrypted['data'] as $ct => $sChunkCrypted)
{
    if( ! openssl_private_decrypt($sChunkCrypted, $sChunk, $sPrivateKey)) throw new Exception("decrypt");
    $sResult .= $sChunk;
}

because the chunk of data to encrypt can't be larger than the key, but the decrypt part take too much time (xdebug tells me this is calls to openssl_private_decrypt() which take all the time).

I try with symmetric algorithms mcrypt_decrypt/MCRYPT_RIJNDAEL_256 (with openssl to crypt the key) but it's worse. What can I do to transfert large amount of data in a secure way? Files are CSV (text) and are put on a SSH/SFTP server, they have to be crypted.

Thanks,
Cédric

Answer 1

Just use SCP or SFTP. They'll use SSL for the actual data transmission, so you'll get the encryption stuff automatically. If you need to STORE the files in a crypted state, then you'll have to use mcrypt and its friends to do the encryption for you.

As for the "data has to be smaller than the key" only applies in a one-time-pad situation. Modern ciphers essentially always have keys that are smaller than the data being encrypted.... think of a large RAR or ZIP file - multi-megabytes of data, but a key (password) that's only a few characters in size.