Encrypting files

  • Ed J

    Encrypting files

    I need some sort of file encryption that I can invoke from my PHP web pages,
    to protect sensitive files uploaded/downloaded by clients.

    I use https (SSL) for the upload/download, but once the transfer is
    complete, the files will reside on the server in unencrypted form. I want to
    be able to apply at least one form of file encryption (Blowfish, AES, etc.).

    Every PHP solution that I've found so far seems too slow or too limited. The
    files I need to encrypt average from 5MB to 10MB in size. How can I use
    mcrypt() with files this large? It seems like my server is killing the PHP
    process before it can complete (maybe taking too long?). It can run to
    completion if I use a smaller file (e.g. 50KB).

    My server is a version of Redhat with Apache.

    Can anyone recommend the easiest/fastest way to integrate file encryption
    into my website? Using a PHP class? Using shell_exec? Using CGI/Perl?

    If the encryption process would take too long to occur in real-time while
    the user is waiting for the page to complete, I can probably trigger a cron
    job to do the encryption in background.

    Thanks in advance for any advice.

    Ed


  • Jan Pieter Kunst

    #2
    Re: Encrypting files

    In article <OY6dnXnuvuD0veHd4p2dnA@adelphia.com>,
    "Ed J" <jed@privacy.net> wrote:

    > It seems like my server is killing the PHP
    > process before it can complete (maybe taking too long?). It can run to
    > completion if I use a smaller file (e.g. 50KB).

    You could issue a

    set_time_limit(0);

    before starting the encryption process.

    JP

    --
    Sorry, <devnull@cauce.org> is a "spam trap".
    E-mail address is <jpk"at"akamail.com>, where "at" = @.


    • Garp

      #3
      Re: Encrypting files


      "Jan Pieter Kunst" <devnull@cauce.org> wrote in message
      news:devnull-92792A.19184713042004@news1.news.xs4all.nl...
      > In article <OY6dnXnuvuD0veHd4p2dnA@adelphia.com>,
      > "Ed J" <jed@privacy.net> wrote:
      >
      > > It seems like my server is killing the PHP
      > > process before it can complete (maybe taking too long?). It can run to
      > > completion if I use a smaller file (e.g. 50KB).
      >
      > You could issue a
      >
      > set_time_limit(0);
      >
      > before starting the encryption process.
      >
      > JP

      JP! How could you! set_time_limit(1000); by all means! But never 0! 8)

      Garp



      • Chung Leong

        #4
        Re: Encrypting files

        "Ed J" <jed@privacy.net> wrote in message
        news:OY6dnXnuvuD0veHd4p2dnA@adelphia.com...
        > I need some sort of file encryption that I can invoke from my PHP web pages,
        > to protect sensitive files uploaded/downloaded by clients.
        >
        > I use https (SSL) for the upload/download, but once the transfer is
        > complete, the files will reside on the server in unencrypted form. I want to
        > be able to apply at least one form of file encryption (Blowfish, AES, etc.).

        Using a symmetric cypher like Blowfish or AES alone won't give you any
        additional security, because the key would reside in your PHP file. You need
        to use some kind of public-key-private-key encryption, like RSA, so that the
        web server can encrypt but not decrypt the files.

        The easiest way is probably to spawn an instance of PGP or something
        similar.


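Added example, not part of any post in this thread: one way to get the "web server can encrypt but not decrypt" property from post #4 while also processing a 5-10MB upload in fixed-size chunks, so memory use stays constant. Instead of the RSA/PGP and mcrypt options named in the thread, it uses PHP's bundled sodium extension (sealed box for the per-file key, XChaCha20-Poly1305 secretstream for the data); `encryptFile`, `decryptFile` and `CHUNK` are hypothetical names, and the key pair is generated inline only so the demo runs.

```php
<?php
// Added example: hybrid file encryption with ext/sodium (PHP >= 7.2); names are hypothetical.
const CHUNK = 65536; // plaintext bytes per chunk, keeps memory use constant
const FINAL_TAG = SODIUM_CRYPTO_SECRETSTREAM_XCHACHA20POLY1305_TAG_FINAL;

// Runs on the web server, which stores only the recipient's public key.
function encryptFile(string $src, string $dst, string $publicKey): void
{
    $in = fopen($src, 'rb');
    $out = fopen($dst, 'wb');
    // Random per-file key, sealed so that only the private-key holder can recover it.
    $fileKey = sodium_crypto_secretstream_xchacha20poly1305_keygen();
    [$state, $header] = sodium_crypto_secretstream_xchacha20poly1305_init_push($fileKey);
    fwrite($out, sodium_crypto_box_seal($fileKey, $publicKey) . $header);
    sodium_memzero($fileKey);
    do {
        $chunk = (string) stream_get_contents($in, CHUNK);
        // Tag the last chunk so a truncated stored file fails to decrypt.
        $tag = feof($in) ? FINAL_TAG : SODIUM_CRYPTO_SECRETSTREAM_XCHACHA20POLY1305_TAG_MESSAGE;
        fwrite($out, sodium_crypto_secretstream_xchacha20poly1305_push($state, $chunk, '', $tag));
    } while ($tag !== FINAL_TAG);
    fclose($in); fclose($out);
}

// Runs wherever the key pair lives, which should not be the web server.
function decryptFile(string $src, string $dst, string $keyPair): void
{
    $in = fopen($src, 'rb');
    $out = fopen($dst, 'wb');
    $sealed = fread($in, SODIUM_CRYPTO_BOX_SEALBYTES + SODIUM_CRYPTO_SECRETSTREAM_XCHACHA20POLY1305_KEYBYTES);
    $header = fread($in, SODIUM_CRYPTO_SECRETSTREAM_XCHACHA20POLY1305_HEADERBYTES);
    $fileKey = sodium_crypto_box_seal_open($sealed, $keyPair);
    if ($fileKey === false) throw new RuntimeException('wrong key pair or damaged header');
    $state = sodium_crypto_secretstream_xchacha20poly1305_init_pull($header, $fileKey);
    do {
        $chunk = (string) stream_get_contents($in, CHUNK + SODIUM_CRYPTO_SECRETSTREAM_XCHACHA20POLY1305_ABYTES);
        $res = sodium_crypto_secretstream_xchacha20poly1305_pull($state, $chunk);
        if ($res === false) throw new RuntimeException('ciphertext modified or truncated');
        fwrite($out, $res[0]);
    } while ($res[1] !== FINAL_TAG);
    fclose($in); fclose($out);
}

// Constructed demo: key pair and sample file are created here so the example runs end to end.
$keyPair = sodium_crypto_box_keypair();
$plain = tempnam(sys_get_temp_dir(), 'pt');
file_put_contents($plain, random_bytes(3 * CHUNK + 123)); // stand-in for an upload
encryptFile($plain, "$plain.enc", sodium_crypto_box_publickey($keyPair));
decryptFile("$plain.enc", "$plain.dec", $keyPair);
var_dump(hash_file('sha256', $plain) === hash_file('sha256', "$plain.dec"));
```

The plaintext upload still has to be deleted after `encryptFile` returns, and anything the site must serve back to clients has to be decrypted on a host that holds the key pair.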

        • Robert Peake

          #5
          Re: Encrypting files

          On 4/14/04 7:48 PM, in article zvidnduU4s1kZ-DdRVn-uA@comcast.com, "Chung
          Leong" <chernyshevsky@hotmail.com> wrote:

          > "Ed J" <jed@privacy.net> wrote in message
          > news:OY6dnXnuvuD0veHd4p2dnA@adelphia.com...
          >> I need some sort of file encryption that I can invoke from my PHP web pages,
          >> to protect sensitive files uploaded/downloaded by clients.
          >>
          >> I use https (SSL) for the upload/download, but once the transfer is
          >> complete, the files will reside on the server in unencrypted form. I want to
          >> be able to apply at least one form of file encryption (Blowfish, AES, etc.).
          >
          > Using a symmetric cypher like Blowfish or AES alone won't give you any
          > additional security, because the key would reside in your PHP file. You need
          > to use some kind of public-key-private-key encryption, like RSA, so that the
          > web server can encrypt but not decrypt the files.

          Actually, I just finished an article for International PHP Magazine (
          http://www.phpmag.net ) that addresses the issues involved with symmetric
          cyphers in interpreted languages like PHP. There *are* lots of options.
          Should hit the newsstands at the end of the month.

          > The easiest way is probably to spawn an instance of PGP or something
          > similar.

          Spawning an instance is not secure on multi-user systems. See:



          Last time I checked John Coggeshall was working on a PECL module for
          libgcrypt.

          Cheers,
          Robert
          --
          Robert Peake | Peake Professional Consulting
          Robert@PeakePro.com | http://www.peakepro.com/
