I have a codeigniter application that allows users to register and log in to (their passwords are hashed). Now creating a messaging system is all fine but I need a way to keep the messages encrypted in the database. I was planning on using a public key system where every user will have a public/private key pair however I am not sure it's possible to safely store the private keys on the web server. Is there any way to do this?
我有一个codeigniter应用程序,允许用户注册和登录(他们的密码被哈希)。现在创建一个消息传递系统都很好,但我需要一种方法来保持消息在数据库中加密。我打算使用公钥系统,每个用户都有一个公钥/私钥对,但我不确定是否可以安全地将私钥存储在Web服务器上。有没有办法做到这一点?
Also I don't really want the user to have to enter a key or their own password every time they send a message.
此外,我并不希望用户每次发送消息时都必须输入密钥或自己的密码。
Any guidance would be appreciated
任何指导将不胜感激
2 个解决方案
#1
2
First ask yourself "Do I really need this information encrypted?" I would guess that, unless you're working for a bank, you probably don't. But if you reeeeaallly must, use CI's Encryption class:
首先问自己“我真的需要加密这些信息吗?”我猜想,除非你在银行工作,否则你可能不会。但是如果你必须使用CI的加密类:
http://codeigniter.com/user_guide/libraries/encryption.html
http://codeigniter.com/user_guide/libraries/encryption.html
#2
1
You have various problems to solve, not just encrypt stuff and store it. If it's not encrypted at some point in time, that's a critical stage. Encrypting the messages and then storing them is technically easy but doesn't make much sense. Better ask for the pre encrypted message with a public key system and just store that. Trying to dumb down an encryption system just defeats the pourpose. Other problem is security of the private keys, what if they get stolen? All is worthless. Don't store keys, ever. It defeats the pourpose unless you are a james bond villian mastermind.
您需要解决各种问题,而不仅仅是加密和存储它们。如果它在某个时间点没有加密,那就是一个关键阶段。加密消息然后存储它们在技术上很容易,但没有多大意义。最好使用公钥系统询问预先加密的消息并将其存储起来。试图愚弄加密系统只是打败了pourpose。其他问题是私钥的安全性,如果它们被盗会怎么样?一切都毫无价值。永远不要存储钥匙。除非你是一个詹姆斯·邦斯威利安策划者,否则它会击败这个蠢货。
#1
2
First ask yourself "Do I really need this information encrypted?" I would guess that, unless you're working for a bank, you probably don't. But if you reeeeaallly must, use CI's Encryption class:
首先问自己“我真的需要加密这些信息吗?”我猜想,除非你在银行工作,否则你可能不会。但是如果你必须使用CI的加密类:
http://codeigniter.com/user_guide/libraries/encryption.html
http://codeigniter.com/user_guide/libraries/encryption.html
#2
1
You have various problems to solve, not just encrypt stuff and store it. If it's not encrypted at some point in time, that's a critical stage. Encrypting the messages and then storing them is technically easy but doesn't make much sense. Better ask for the pre encrypted message with a public key system and just store that. Trying to dumb down an encryption system just defeats the pourpose. Other problem is security of the private keys, what if they get stolen? All is worthless. Don't store keys, ever. It defeats the pourpose unless you are a james bond villian mastermind.
您需要解决各种问题,而不仅仅是加密和存储它们。如果它在某个时间点没有加密,那就是一个关键阶段。加密消息然后存储它们在技术上很容易,但没有多大意义。最好使用公钥系统询问预先加密的消息并将其存储起来。试图愚弄加密系统只是打败了pourpose。其他问题是私钥的安全性,如果它们被盗会怎么样?一切都毫无价值。永远不要存储钥匙。除非你是一个詹姆斯·邦斯威利安策划者,否则它会击败这个蠢货。