From several sources I have seen recommendations to encrypt authentication data (e.g., login passwords, certificates) when used within PHP code, and yet I have not seen an explanation of how to do so. It would seem that if I encrypted the data within the code I would also need to place the decryption key within the code, which would gain nothing for overall security. There must be something I am not understanding here! Can someone explain? Thanks.
Yes, you both encrypt and decrypt in the code, but the purpose of the encryption can have more than 1 reason. An example would be that you might want to store an encrypted password in a DB. Everyone with access to that DB will not be able to read the passwords used.
I understand the encryption of passwords placed into the database, but my question is about authentication keys that need to be handled within the code. One specific example would be a login name, password, and signature for a PayPal transaction. The PayPal documentation recommends encrypting this information to protect it. I have seen similar recommendations elsewhere. My question is a "how to" question: how do I encrypt this data so that it can be decrypted and sent to PayPal as part of a credit card transaction, and how do I do this without also placing the decryption key in the code? Sorry if I wasn't specific enough with my initial question.