how to store private keys in database or server (php)
Question
I have a web application that uses private and public keys to encrypte my fillable form.
I'm using OPENSSL and PHP. My question is that how can i store private keys for each user in database or server? I dont know which one is more safely. Additionaly, my encyrption code ;
//create new private and public key
$new_key_pair = openssl_pkey_new(array(
"private_key_bits" => 2048,
"private_key_type" => OPENSSL_KEYTYPE_RSA,
));
openssl_pkey_export($new_key_pair, $private_key_pem);
$details = openssl_pkey_get_details($new_key_pair);
$public_key_pem = $details['key'];
//create signature
//openssl_sign($data, $signature, $private_key_pem, OPENSSL_ALGO_SHA256);
//save for later
file_put_contents('private_key.pem', $private_key_pem);
file_put_contents('public_key.pem', $public_key_pem);
//file_put_contents('signature.dat', $signature);
//verify signature
//$r = openssl_verify($data, $signature, $public_key_pem, "sha256WithRSAEncryption");
//var_dump($r);
echo $private_key_pem;
echo "\r\n";
echo $public_key_pem;
echo "\r\n";
echo $data;
echo "\r\n";
How can i prevent my private and public keys ? It shows on the screen
1 answers
solution1
1 ACCPTED 2014-04-16 21:39:17
The public key need no security, so you can save as clear text in the database.
with the private key you have different solution based on level of security and kinds of attacks you want to avoid.
1 save the pk as clear text in the db. Never write php code that echo the pk
2 save the pk in p12 format protect it with a password. You can prompt the password to the user every time you need
3 generete, store and use the pk using a HSM http://en.m.wikipedia.org/wiki/Hardware_security_module
i suggest solution 2.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.