如何将加密密钥安全地存储在 php 代码文件中 [英] How to store the encryption keys securely in php code file
问题描述
我有一个用户向其提交敏感数据的网站,然后一个 php 脚本使用 rijndael 256 加密这些敏感数据并将其存储在 mysql 数据库中
I have a website that users submit sensitive data to it then a php script encrypts these sensitive data using rijndael 256 and store it in mysql database
问题是我想将密钥存储在一个安全的地方,只能由 php 脚本访问,其他人看不到
the problem is that I want to store the key in a secure place that can be accessed only by the php script and not to be seen by any other one
推荐答案
取决于您对数据的安全要求有多高.您可以考虑为每个用户使用不同的安全密钥,方法是对标识该特定客户的数据进行加密并将其附加到 256 位加密密钥上.但更好的是将密钥拆分并在整个密钥中插入加密数据.使破译变得更加复杂.这意味着如果程序员可以访问密钥,则程序员不能简单地解密每个人的数据,而不能访问客户加密的数据,而每个用户的加密数据都不同.
Depends on how high a security you need for the data. You could consider having a different security key for each user, by possibly encrypting the data that identifies that particular customer and attaching it onto the 256-bit encrypted key. But better still would be split the key up and insert that encrypted data throughout the key. Makes it more complex to decipher. This would mean if a programmer has access to the key the programmer can't simply decrypt everyones data without having access to the customer encrypted data as well which would be different for every user.
是的,程序员仍然可以将密钥回显到屏幕上,但他们还需要为每个要解密其数据的客户提供客户加密数据.
And yes it is true that the programmer can still echo the key out to the screen but they would ALSO need the customer encrypted data for each customer they want to decrypt the data of.
如果适用,您也可以考虑使用公钥和私钥加密.客户/用户可以生成他们自己的密钥.客户将公钥放入网站上的表格中,该表格存储在数据库中,然后客户/用户将拥有私钥来解密数据.您使用公钥加密数据.这意味着每个用户/客户都有自己的一组密钥.私钥甚至可以放在钥匙卡上并挂在计算机上以验证访问权限.
You could also consider Public and Private Key Encryption instead if applicable. The customer/user could generate their own keys. Customer places the public key into a form on the website which gets stored in the database, then the customer/user would have the private key to decrypt the data. You use the public key to encrypt the data. This would mean each user/customer would have their own set of keys. The Private key could possibly be even placed on a keycard and hooked to the computer to verify access.
更多信息@http://en.wikipedia.org/wiki/Public-key_cryptography
这篇关于如何将加密密钥安全地存储在 php 代码文件中的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
