Tuesday, November 6, 2012

Securing your data using PHP and OpenSSL

I saw that there wasn’t a lot of information on the internet about how to encrypt data in your web application using PHP and OpenSSL, so here it is.
First of all, you need to understand how SSL connections work. If you already know that, just skip this part:
The Secure Sockets Layer, or SSL, has many applications, but mostly it is used for creating an encrypted data tunnel between two remote machines.
1. The client application sends a handshake request to the remote server;
2. The server sends the SSL certificate information along with its public key;
3. The client application checks the hostname, expiration date, and authority registration of the certificate, and if any of these checks fails, a warning message is displayed to the user.
4. After receiving the public key from the server, the client application generates an envelope key that is used to encrypt the data transfer between the two machines. This key is then encrypted with the server’s public key and sent back to the server.
5. The envelope key can be decrypted only with the private key that the server holds.
6. After both machines have the envelope key, the data transfer can begin.
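
The envelope-key exchange from steps 4 to 6, played out between a "client" and a "server" inside one PHP script. This is an added example, not code from the original post; the RSA-2048 key size, OAEP padding, AES-256-GCM cipher and all variable names are assumptions chosen for the illustration.

```php
<?php
// Added illustration: key size, padding and cipher are assumptions, not from the post.

// "Server" side: an RSA key pair. The public half is what step 2 sends to the client.
$serverKey = openssl_pkey_new([
    'private_key_type' => OPENSSL_KEYTYPE_RSA,
    'private_key_bits' => 2048,
]);
if ($serverKey === false) {
    throw new RuntimeException('key generation failed: ' . openssl_error_string());
}
$serverPublicPem = openssl_pkey_get_details($serverKey)['key'];

// Step 4, "client" side: generate a random envelope key and encrypt it with the
// server's public key (OAEP padding instead of the PKCS#1 v1.5 default).
$envelopeKey = random_bytes(32);
if (!openssl_public_encrypt($envelopeKey, $wrappedKey, $serverPublicPem, OPENSSL_PKCS1_OAEP_PADDING)) {
    throw new RuntimeException('wrapping failed: ' . openssl_error_string());
}

// Step 5, "server" side: only the private key can recover the envelope key.
if (!openssl_private_decrypt($wrappedKey, $serverEnvelopeKey, $serverKey, OPENSSL_PKCS1_OAEP_PADDING)) {
    throw new RuntimeException('unwrapping failed: ' . openssl_error_string());
}

// Step 6: both sides hold the same key and use it to protect the data itself.
$message = 'constructed sample payload';
$iv = random_bytes(12); // fresh nonce for every message
$ciphertext = openssl_encrypt($message, 'aes-256-gcm', $envelopeKey, OPENSSL_RAW_DATA, $iv, $tag);
$plaintext = openssl_decrypt($ciphertext, 'aes-256-gcm', $serverEnvelopeKey, OPENSSL_RAW_DATA, $iv, $tag);

// Both sides ended up with the same envelope key, and the payload round-trips.
var_dump(hash_equals($envelopeKey, $serverEnvelopeKey));
var_dump($plaintext === $message);

// Flip one bit of the ciphertext: the GCM tag no longer matches, so
// openssl_decrypt() returns false instead of handing back altered data.
$tampered = $ciphertext;
$tampered[0] = chr(ord($tampered[0]) ^ 1);
var_dump(openssl_decrypt($tampered, 'aes-256-gcm', $serverEnvelopeKey, OPENSSL_RAW_DATA, $iv, $tag) === false);
```

Only `$wrappedKey`, `$iv`, `$tag` and `$ciphertext` would cross the network; the envelope key itself never travels in the clear.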