NYCPHP Meetup

[nycphp-talk] Digital Signatures in PHP

Rolan Yang rolan at omnistep.com
Thu Jun 3 14:49:03 EDT 2004


Yea, sometimes I wish you could just pipe data to gpg and have it spit 
out an
encrypted message... rather than having it operate on an existing file. 
Storing
sensitive information in a temporary file  which has readable permissions
by the web server leaves me feeling a bit insecure too.


Dan Cech wrote:

> Daniel Convissor wrote:
>
>> On Thu, Jun 03, 2004 at 11:12:42AM -0400, Rolan Yang wrote:
>>
>>> How about md5()?
>>
>>
>> Exactly what I was going to say.  Simple.  Effective.
>
>
> Yeah, md5 is ok if you just want to take a hash to see if someone has 
> changed something, but I need to be able to store the message and the 
> hash together, so encryption is mandatory.
>
>> If you want something to actually SIGN with, then consider shelling 
>> out to GPG.
>
>
> I was looking into this, but it seems to have a few drawbacks, notably 
> having to write everything to file, I'd rather do it internally if at 
> all possible.
>
> Now that I have figured out how to get the keys into the right format 
> the openssl_sign and openssl_verify functions actually seem to work 
> very well, it's just a question of how reliable they are on older 
> versions of php.
>
> Dan
>
> _______________________________________________
> talk mailing list
> talk at lists.nyphp.org
> http://lists.nyphp.org/mailman/listinfo/talk
>



More information about the talk mailing list