dongqian0763 2014-07-17 19:33
浏览 202

解密数据时保护我的RSA私钥密码

I generated a public and private key to use for encryption purposes. There is a passphrase connected to the private key but I know I shouldn't be showing it in plain text like this.

What should I do to protect this password so it isn't shown in plain-text?

// $data = encrypted data using RSA public key
// $key = the key that came along with the encrypted data

// find private key
$pkeyid = openssl_get_privatekey("file:///path/to/private.pem", "PASSWORD");

// try and decrypt the data using private key
openssl_open($data, $decrypted_data, $key, $pkeyid);

// if all went well, show decrypted data
echo $decrypted_data;
  • 写回答

1条回答 默认 最新

  • dtdt0454 2014-07-17 20:02
    关注

    There are various ways to do this to what extent do you need to go to protect your password(s)?

    Why not save it in a secure file and read it in when needed?

    Below is a list of levels you can go through to ensure maximum protection of master keys. Each step will add more protection to the previous step.

    1. Isolation of the masterkey in a repository on a secure server
    2. Restriction of access to server containing the masterkey
    3. Encryption of the masterkey in the repository. (See Red Key/Black Key)
    4. Randomness and frequent changing of the masterkey
    评论

报告相同问题?

悬赏问题

  • ¥15 素材场景中光线烘焙后灯光失效
  • ¥15 请教一下各位,为什么我这个没有实现模拟点击
  • ¥15 执行 virtuoso 命令后,界面没有,cadence 启动不起来
  • ¥50 comfyui下连接animatediff节点生成视频质量非常差的原因
  • ¥20 有关区间dp的问题求解
  • ¥15 多电路系统共用电源的串扰问题
  • ¥15 slam rangenet++配置
  • ¥15 有没有研究水声通信方面的帮我改俩matlab代码
  • ¥15 ubuntu子系统密码忘记
  • ¥15 保护模式-系统加载-段寄存器