Web-D-Zine(WDZ) provides a class called wdzEncrypt which uses openssl_encrypt and openssl_decrypt from PHP Open SSL(Read notes on Open SSL) to encrypt and decrypt your data. The two funtions in wdzEncrypt for encrypting and decrypting your data are similar to the functions encryptString and decryptString found in Git hub - php-openssl-cryptor The major difference is that we use a small data structure called dsEncryptInfo.php to provide the cipher and hash method and this needs to be set up for your project prior to using the encryption class.
Setting up encryption in WDZ
Published on Friday 1st September 2023
Setting up dsEncryptInfo.php
Frequently asked questions
Do I have to use the encryption class provided by WDZ?
No - WZD uses the class system so when encryption is required, the user class usrWdzEncrypt is called. usrWdzEncrypt is blank, so you can write your own encryption function here if required. The only caveat is that you provide functions for encrypt and decrypt that use the same parameter as the ones in wdzEncrypt.
Why do you use a data structure to initialise wdzEncrtpt?
We want to keep your data safe, so storing some data in your code means that a hacker needs to gain access to both your data base and your code base before they are able to decrypt the personal data that you have on your computer.
Why are not all the ciphers available?
In general ciphers with short initialisation vectors are less secure than ciphers with longer initialisation vectors. This is why we reject ciphers with an initialisation vector of 0 bytes. We also reject ciphers because there is not a hashing algorithum that creates the key of the required length for the cipher.
Why is there a switch statement in the code produced?
When dsEncryptInfo is called, the name of the class initialising the data structure is passed in as a parameter, this means that you could have a different key for each of your data tables that are in your data base. You can also set up the rtvPasswordQuality to treat capital letters as differnt to lower letters or the same letter for each class.
What ciphers and hash algorithms do you recommend?
In general ciphers with short initialisation vectors and short initialisation keys are less secure than ciphers with longer initialisation vectors and keys. This is why the ciphers with zero length initialisation vectors were rejected straight away. So we would go for one of the ciphers with a 16 byte initialisation vector (value in brackets) and either a 64 or 32 byte key. Other than that then you really do need to do your own research because hackers are always trying to get sensitive data, and what is safe today might be compromised tomorrow.
Do you have any other recommendations?
Although the code exists for you to search and sort encrypted data, these options are not recommended?
- Sort puts the first few characters from the data in to a separate field and it is this field that is sorted. Having the first first few characters of your data along with the encrypted data could compromise your data as a whole.
- Search encrypts each individual character, so that the field can be searched. So seeing that there are only 26 possible characters, for the resultant code it makes that data less secure as a result.
- Retrieve is still safe and this uses a key and vector just for retrieve. You can set the retrieve up so that it ignores capital letters and treats them as lower class letters or you can specify that the capital letters matter
Category
Related News
Latest News
The design studio is an incredibly powerful tool within Web-D-Zine( WDZ ) in that it allows you to obtain Read more
Categories