PHP : Document Encryption

I am building a document management system and would like to know the best way to encrypt and store documents uploaded by users. The application is being developed in PHP.
imsandeep Asked:

Ray Paseur Commented:
This is a little like saying, "I'm building a restaurant and would like to know the best way..."  There are so many variables surrounding the question that you can only get general guidance, and anything we publish here will be incomplete.  Information technology security is a full-time four year college major today.  Encryption is one tiny slice of it.

That said, you can use any of a number of PHP built-in encryption features.  Here is a code sample that shows how to encrypt and decrypt a string of data.  It also shows how to make the encrypted data safe for binary transport.  Some communications protocols and database systems respond to binary-value triggers embedded in the data, and you do not want those triggers to fire accidentally.  That's what the base64_encode() is all about.

Encrypted data will be larger than clear text data; you will want to plan for that.

Undoubtedly someone will come along and cry out that this encryption mechanism is "too soft" in one way or another.  I'm not going to get into those holy war topics.  If you've packaged the encryption process like this, in a class instance, you can associate the names of class and keys with the encrypted data, and you will always be able to get your data back.  If you want to add another encryption mechanism some day, that will be easy to do.

Please see: http://iconoun.com/demo/encrypt_decrypt.php
<?php // demo/encrypt_decrypt.php
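/**
 * Show how to encrypt and decrypt information
 * with binary-safe transport over the internet
 *
 * http://php.net/manual/en/ref.mcrypt.php
 * http://php.net/manual/en/mcrypt.ciphers.php
 *
 * Note parallel construction in the mcrypt_{en|de}crypt() methods
 *
 * The mcrypt extension was deprecated in PHP 7.1 and removed in PHP 7.2,
 * so this runs only on older PHP or with the PECL mcrypt package installed
 */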
error_reporting(E_ALL);

class Encryption
{
    protected $key;

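    public function __construct($key='quay')
    {
        // THE KEY MUST BE KNOWN TO BOTH PARTS OF THE ALGORITHM
        // PHP 5.6+ REJECTS KEYS THAT ARE NOT 16, 24 OR 32 BYTES; NUL-PAD SHORT KEYS AS OLDER VERSIONS DID
        $this->key = str_pad($key, 16, "\0");
    }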

    public function encrypt($text)
    {
        // ENCRYPT THE DATA
        $data = mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $this->key, $text, MCRYPT_MODE_ECB);

        // MAKE IT base64() STRING SAFE FOR STORAGE AND TRANSMISSION
        return base64_encode($data);
    }

    public function decrypt($text)
    {
        // DECODE THE DATA INTO THE BINARY ENCRYPTED STRING
        $text = base64_decode($text);

        // DECRYPT THE STRING
        $data = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $this->key, $text, MCRYPT_MODE_ECB);

        // DECLOP THE NUL-BYTE PADDING BEFORE THE RETURN (trim() WOULD ALSO EAT WHITESPACE THAT BELONGS TO THE DATA)
        return rtrim($data, "\0");
    }
}


// INSTANTIATE AN ENCRYPTION OBJECT FROM THE CLASS
$c = new Encryption();

// INITIALIZE VARS FOR LATER USE IN THE HTML FORM
$encoded = $decoded = NULL;

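// IF ANYTHING WAS POSTED SHOW THE DATA (ESCAPED, SO POSTED MARKUP IS NOT RENDERED)
if (!empty($_POST["clearstring"]))
{
    $encoded = $c->encrypt($_POST["clearstring"]);
    echo "<br/>" . htmlspecialchars($_POST["clearstring"], ENT_QUOTES, 'UTF-8') . " YIELDS ENCODED ";
    var_dump($encoded);
}

if (!empty($_POST["cryptstring"]))
{
    $decoded = $c->decrypt($_POST["cryptstring"]);
    echo "<br/>" . htmlspecialchars($_POST["cryptstring"], ENT_QUOTES, 'UTF-8') . " YIELDS DECODED ";
    echo htmlspecialchars(var_export($decoded, true), ENT_QUOTES, 'UTF-8');
}

// ESCAPE THE VALUES THAT GO BACK INTO THE HTML ATTRIBUTES
$decoded_html = htmlspecialchars((string)$decoded, ENT_QUOTES, 'UTF-8');
$encoded_html = htmlspecialchars((string)$encoded, ENT_QUOTES, 'UTF-8');

// CREATE THE FORM USING HEREDOC NOTATION
$form = <<<FORM
<form method="post">
<input name="clearstring" value="$decoded_html" />
<input type="submit" value="ENCRYPT" />
<br/>
<input name="cryptstring" value="$encoded_html" />
<input type="submit" value="DECRYPT" />
</form>
FORM;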

echo $form;

If you're building a document management system, you may be able to get better results faster if you consider one of the existing document management systems.  Alfresco has a "community version" that is free and open-source.
https://www.alfresco.com/solutions/document-management
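The answer above suggests recording which mechanism and key produced each ciphertext so that data stays recoverable and the mechanism can be swapped later. The following is an added example, not code from the original answer, showing that idea on current PHP (7.2+) with the bundled sodium extension and authenticated encryption. The envelope layout, the function names and the key id `k1` are assumptions made for illustration.

```php
<?php
// Added example (not from the original answer). Requires PHP 7.2+ with ext-sodium.
// Envelope layout, function names and the key id 'k1' are illustrative assumptions.

const ENVELOPE_VERSION = 'v1'; // names the mechanism: sodium secretbox (XSalsa20-Poly1305)

function encryptDocument(string $plaintext, string $key, string $keyId): string
{
    // Fresh random nonce per document; never reuse a nonce with the same key.
    $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $box   = sodium_crypto_secretbox($plaintext, $nonce, $key);

    // version.keyId.base64(nonce || ciphertext+tag): text-safe and self-describing
    return ENVELOPE_VERSION . '.' . $keyId . '.' . base64_encode($nonce . $box);
}

function decryptDocument(string $envelope, array $keyring): string
{
    $parts = explode('.', $envelope, 3);
    if (count($parts) !== 3 || $parts[0] !== ENVELOPE_VERSION) {
        throw new RuntimeException('Unknown envelope version');
    }
    [, $keyId, $b64] = $parts;
    if (!isset($keyring[$keyId])) {
        throw new RuntimeException('Unknown key id');
    }
    $raw = base64_decode($b64, true);
    $min = SODIUM_CRYPTO_SECRETBOX_NONCEBYTES + SODIUM_CRYPTO_SECRETBOX_MACBYTES;
    if ($raw === false || strlen($raw) < $min) {
        throw new RuntimeException('Malformed envelope');
    }
    $nonce = substr($raw, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $box   = substr($raw, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);

    // Returns false when the key is wrong or the stored bytes were modified.
    $plain = sodium_crypto_secretbox_open($box, $nonce, $keyring[$keyId]);
    if ($plain === false) {
        throw new RuntimeException('Authentication failed');
    }
    return $plain; // exact original bytes, so no trim() is needed
}

// Constructed sample input. A real key is generated once and loaded from outside the document store.
$keyring  = ['k1' => sodium_crypto_secretbox_keygen()];
$document = "Quarterly report\0with binary bytes and trailing spaces  ";
$stored   = encryptDocument($document, $keyring['k1'], 'k1');

var_dump(decryptDocument($stored, $keyring) === $document);
printf("%d bytes clear, %d bytes stored\n", strlen($document), strlen($stored));
```

The last line prints the size growth the answer mentions: nonce, authentication tag and base64 encoding all add to the stored length.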

Slick812 Commented:
Greetings imsandeep. You seem to think that using Encryption will make your document files secure, but security of Disk-Files on an HTTP server is about "Limiting HTTP Access" to those files, and Encryption can be ONE factor in your security chain of limiting Access.

However, you can have files that are encrypted, and because they can be accessed without Limiting the way they are accessed in PHP by the browser, they are still not secure.
In security concerns, there is no absolute Security, no matter what you do, or how much of it you do in PHP. You need to have a good level of security (limit Access to files to only those that have the proper access credentials) for the cost and time you can do for the level of security for the files' importance.

If you can tell us more about your files and the management you need for them, there can be suggestions for your security concerns, from the experts here.
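The point made above, that stored files need an access check in PHP before they reach the browser, can be sketched as a download gate. This is an added example, not code from the original post; `STORE_DIR`, the ACL array, the user names and the document ids are hypothetical stand-ins for the application's own storage path and database.

```php
<?php
// Added example (not from the original post). STORE_DIR, the ACL array and the
// document ids are hypothetical; a real system would query its own database.

const STORE_DIR = '/var/dms-store'; // outside the web server's document root

// Constructed sample ACL: document id => stored file name and users allowed to read it
$acl = [
    '1001' => ['file' => '1001.enc', 'readers' => ['alice', 'bob']],
    '1002' => ['file' => '1002.enc', 'readers' => ['alice']],
];

/** Return the path the user may read, or null when access must be denied. */
function resolveDocument(array $acl, ?string $user, string $docId): ?string
{
    // Ids are looked up, never concatenated into a path, so "../" input matches nothing.
    if ($user === null || !ctype_digit($docId) || !isset($acl[$docId])) {
        return null;
    }
    if (!in_array($user, $acl[$docId]['readers'], true)) {
        return null;
    }
    return STORE_DIR . '/' . $acl[$docId]['file'];
}

function serveDocument(array $acl, ?string $user, string $docId): void
{
    $path = resolveDocument($acl, $user, $docId);
    if ($path === null || !is_file($path)) {
        http_response_code(404); // same reply for "missing" and "forbidden"
        return;
    }
    header('Content-Type: application/octet-stream');
    header('Content-Disposition: attachment; filename="document-' . $docId . '"');
    header('X-Content-Type-Options: nosniff');
    readfile($path);
}

// In a request handler the user comes from the authenticated session, not from input:
// session_start();
// serveDocument($acl, $_SESSION['user'] ?? null, (string)($_GET['id'] ?? ''));

var_dump(resolveDocument($acl, 'bob', '1001'));               // reader on the list
var_dump(resolveDocument($acl, 'bob', '1002'));               // not on the list
var_dump(resolveDocument($acl, null, '1001'));                // not logged in
var_dump(resolveDocument($acl, 'alice', '../../etc/passwd')); // not a document id
```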