May 31, 2012

Best way to save encrypt/decrypt key?

Question by Kenneth Poulsen

I’m developing a wordpress plugin.
In that plugin the user need to type some important login details, which I will use in a cron-job.

I will of cause like to encrypt the password, and found this useful stuff:
Best way to use PHP to encrypt and decrypt?

However, how should I save the key?
I can’t save it in a file, since all files will be replaced when the user update the plugin.
And save it in the database, well – that’s not exactly smart i guess.

Any suggestions?

Answer by Starx

I think its better, if you save the key on the database table. About the part of securing the database and making sure that the data in the table will only be accessible by the authorized person, You can create a second user, with the privilege of accessing and reading such vital tables.

Therefore, create a separate user, who will have the authority to access the table and its contents. Now, use the website, with a different user, and switch to a administrative database user, when you need to access the encryption key and other vital information.

Author: Nabin Nepal (Starx)

Hello, I am Nabin Nepal and you can call me Starx. This is my blog where write about my life and my involvements. I am a Software Developer, A Cyclist and a Realist. I hope you will find my blog interesting. Follow me on Google+

...

Please fill the form - I will response as fast as I can!