Secure password encryption/decryption of strings in PHP

Question

I wanted to know if there exists a somewhat simple, but secure, method to encrypt strings(not passwords), with a password which is not stored on the server, in PHP.

I've checked A reversible password encryption routine for PHP, but I'm unsure if it is secure enough if intruders have access to the server and source.

We're talking about a automatic system where a computer sends a request to a server, which stores information in a log. So I'm thinking I could send the encryption password in the request header, preferably encrypted, but then it would be difficult to decrypt without storing the password somehow on the server. Wait, I think i might be complicating things a bit too much, but I hope you get the idea... It's meant to keep the information safe, even if hackers have full control over the server.

Answer 1

If I understand you correctly, you aim for a log that is encrypted by the server. The requests are sent in plain, but you'd like to log something like per-user access statistics or the like and you deem this data to be confidential, so it should be encrypted by the server and also be decrypted by the server, if necessary.

If this is the case, it is actually not all too complicated.

• Generate an encryption key (AES would be a good choice) that is to be used by the server.
• You store this key in a file.
• Make sure that the application and only a few selected people have access to that location. Worst case would be it's served in your public files and anyone could download it from the web. So put it in a folder far away from your public resources :)
• Encrypt that file using password-based encryption e.g. PBKDF2 in RFC 2898.

Then you will realize that you created a hen-egg problem - the file again needs a password for the server to have access to the key stored inside. But here's the trick - you will have to enter the key upon server startup manually, and that's the ephemeral component you need. The password for the file should be out-of-band information (e.g. placed in a physical vault) and nowhere on the computer itself.

An alternative (but potentially less secure because the password would be present in some physical form) is to rely on OS-specific "password vaults" such as Windows' Isolated Storage.

Answer 2

One option for this, which would seem to meet your requirements, would be to use public/private key cryptography. If you had the user encrypt the string using a public key then had the encrypted data stored on the server it would not be possible for an attacker to decrypt the data.

when/if you need to decrypt the data just copy it to a location where you have the private key and use that for decryption.