[nycphp-talk] Digital Signatures in PHP
rolan at omnistep.com
Thu Jun 3 14:49:03 EDT 2004
Yea, sometimes I wish you could just pipe data to gpg and have it spit
encrypted message... rather than having it operate on an existing file.
sensitive information in a temporary file which has readable permissions
by the web server leaves me feeling a bit insecure too.
Dan Cech wrote:
> Daniel Convissor wrote:
>> On Thu, Jun 03, 2004 at 11:12:42AM -0400, Rolan Yang wrote:
>>> How about md5()?
>> Exactly what I was going to say. Simple. Effective.
> Yeah, md5 is ok if you just want to take a hash to see if someone has
> changed something, but I need to be able to store the message and the
> hash together, so encryption is mandatory.
>> If you want something to actually SIGN with, then consider shelling
>> out to GPG.
> I was looking into this, but it seems to have a few drawbacks, notably
> having to write everything to file, I'd rather do it internally if at
> all possible.
> Now that I have figured out how to get the keys into the right format
> the openssl_sign and openssl_verify functions actually seem to work
> very well, it's just a question of how reliable they are on older
> versions of php.
> talk mailing list
> talk at lists.nyphp.org
More information about the talk