Posted to modperl@perl.apache.org by Tim Gardner <tg...@codeHorse.com> on 2001/06/14 22:54:10 UTC

ssl encryption

When Apache is serving an SSL connection, I assume that everything
sent back and forth between the server and the client is encrypted.
I want a mod_perl script to encrypt/decrypt credit card numbers
obtained over the SSL connection for storage in a db on the server.
Is there any access to the same routines that Apache is using for the
encryption, or do I have to use some other module?  If I have to use
another module, what would be a good choice?

Thanks,
Tim

Re: ssl encryption

Posted by Mark Madsen <ma...@internap.com>.
Apache uses OpenSSL to implement the transport encryption for HTTP
connections.  You can find out more at http://www.openssl.org

This isn't necessarily how you would want to encrypt things on disk, however.
Encrypting a regular file or db file is not really a typical public key
encryption task -- typically this is done by using a block cipher like
Blowfish and a single shared secret.  Information is available at
http://www.counterpane.com/blowfish.html, and there are Perl modules on CPAN
such as Crypt::Blowfish.

Hope this helps.


> When Apache is serving an SSL connection, I assume that everything
> sent back and forth between the server and the client is encrypted.
> I want a mod_perl script to encrypt/decrypt credit card numbers
> obtained over the SSL connection for storage in a db on the server.
> Is there any access to the same routines that Apache is using for the
> encryption, or do I have to use some other module?  If I have to use
> another module, what would be a good choice?
>
> Thanks,
> Tim
>

-------------------------------------------------------------------------------
Mark Madsen                               EMAIL: mark@internap.com
Internap Network Services                OFFICE: 206.441.8800
601 Union Street, Suite 1000                FAX: 206.264.1833
Seattle, WA  98101			  PAGER: 888.464.6381

    * The contents of this message are proprietary and confidential *


Re: ssl encryption

Posted by Martin Redington <m....@ucl.ac.uk>.
Not storing the credit card numbers at all would be the best option :-)

If you must, we've usually used crypt for one-way encryption, or
Crypt::Blowfish for stuff we need to be able to decrypt (look after your
key!).

On Thursday, June 14, 2001, at 09:54  pm, Tim Gardner wrote:

> When Apache is serving an SSL connection, I assume that everything sent
> back and forth between the server and the client is encrypted. I want
> a mod_perl script to encrypt/decrypt credit card numbers obtained over
> the SSL connection for storage in a db on the server. Is there any
> access to the same routines that Apache is using for the encryption, or
> do I have to use some other module?  If I have to use another module,
> what would be a good choice?
>
> Thanks,
> Tim
>

Re: ssl encryption

Posted by Kevin Schroeder <mi...@mirageworks.com>.
Then the question comes up of what happens if you're not storing it in a
database?  Say, for example, every night at midnight there's a report that
gets taken from the database and emailed to a manager in an Excel
spreadsheet that contains all the purchasing information from the previous
day.  Plus, most people concur that there is no such thing as a 100% secure
system; however, using a 2048-bit GPG asynchronous key would make it quite
difficult to get that information, even if the server was broken into and
all the root passwords were changed.  Then, of course, the intruder could
change the passkey for the encryption and send the reports to himself.
Then, of course, you could modify "su" to report whenever someone uses it to
su to root, but that's only valid if they get in with su.  But then we're
getting beyond the scope of this mailing list.  I guess there really is no
such thing as absolute security, only probable security.  Oh well.

Kevin

----- Original Message -----
From: "Vivek Khera" <kh...@kcilink.com>
Newsgroups: ml.apache.modperl
To: <mo...@apache.org>
Sent: Friday, June 15, 2001 2:23 PM
Subject: Re: ssl encryption


> >>>>> "KS" == Kevin Schroeder <mi...@mirageworks.com> writes:
>
> KS> This would make an interesting discussion because I've had the
> KS> same question come up in my mind.  How do you encrypt things on
> KS> your server without giving out the passphrase?  Is it even
> KS> possible to keep the key in the same location as the program using
> KS> it and still maintain security?
>
> No; the only way to secure this would be to make the server ask you to
> type the passphrase on startup, and you never write this down.  This
> makes it impossible to have automated restart, of course.
>
> Better thing to do is to secure your database server a bit better.
>
> --
> =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
> Vivek Khera, Ph.D.                Khera Communications, Inc.
> Internet: khera@kciLink.com       Rockville, MD       +1-240-453-8497
> AIM: vivekkhera Y!: vivek_khera   http://www.khera.org/~vivek/
>


Re: ssl encryption

Posted by Vivek Khera <kh...@kcilink.com>.
>>>>> "KS" == Kevin Schroeder <mi...@mirageworks.com> writes:

KS> This would make an interesting discussion because I've had the
KS> same question come up in my mind.  How do you encrypt things on
KS> your server without giving out the passphrase?  Is it even
KS> possible to keep the key in the same location as the program using
KS> it and still maintain security?

No; the only way to secure this would be to make the server ask you to
type the passphrase on startup, and you never write this down.  This
makes it impossible to have automated restart, of course.

Better thing to do is to secure your database server a bit better.

-- 
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Vivek Khera, Ph.D.                Khera Communications, Inc.
Internet: khera@kciLink.com       Rockville, MD       +1-240-453-8497
AIM: vivekkhera Y!: vivek_khera   http://www.khera.org/~vivek/

Re: ssl encryption

Posted by Martin Redington <m....@ucl.ac.uk>.
One solution is to set a Perl variable in a conf file that is only
readable by root. The parent httpd process can read this, and the
children can inherit it, but it's not visible in the code.

If your httpd children need to be able to read in the password, then 
you'll need less restrictive permissions on the password file.

Of course you need to be able to trust your application developers not 
to dump the variable out into the world.

A slightly better method is to abstract away from the connection method, 
so that your application developers don't use the password directly, but 
call a library routine that hands them a connection object, using the 
password variable under the hood.

I've seen this used, and it worked quite well, although having the 
password in plain text anywhere is a little disturbing.

A slightly better approach would be to keep a file of Blowfish-encrypted
keys to be read during startup, and to somehow pass the key to decrypt
the keys in manually during Apache startup, via a prompt. Stronghold
does this at startup, in order to get the passphrase for your
certificate. I'm not sure exactly how to do this from scratch, but I
believe there are modules that allow you to embed Perl in conf files,
which might work, or you might be able to do it via startup.pl.



On Friday, June 15, 2001, at 12:44  am, Kevin Schroeder wrote:

> This would make an interesting discussion because I've had the same question
> come up in my mind.  How do you encrypt things on your server without giving
> out the passphrase?  Is it even possible to keep the key in the same
> location as the program using it and still maintain security?
>
> Kevin
>
> ----- Original Message -----
> From: "Benjamin Trott" <be...@rhumba.pair.com>
> To: "modperl" <mo...@apache.org>
> Sent: Thursday, June 14, 2001 5:00 PM
> Subject: Re: ssl encryption
>
>
>>> When Apache is serving an SSL connection, I assume that everything
>>> sent back and forth between the server and the client is encrypted.
>>> I want a mod_perl script to encrypt/decrypt credit card numbers
>>> obtained over the SSL connection for storage in a db on the server.
>>> Is there any access to the same routines that Apache is using for the
>>> encryption, or do I have to use some other module?  If I have to use
>>> another module, what would be a good choice?
>>
>> You could use either an asymmetric cipher or a symmetric cipher.
>>
>> An example of the former is Crypt::RSA (Crypt::DSA is another, but DSA is
>> used only for signing/verification, not for encryption/decryption).
>>
>> A good, fast example of the latter is Crypt::Blowfish. Used together with
>> Crypt::CBC, you get Blowfish in CBC mode:
>>
>>     use Crypt::CBC;
>>     my $cipher = Crypt::CBC->new('passphrase', 'Blowfish');
>>     my $ciphertext = $cipher->encrypt('data');
>>     my $plaintext = $cipher->decrypt($ciphertext);
>>
>> In other words, you use the same passphrase to both encrypt and decrypt the
>> data (i.e. symmetric).
>>
>> Personally, I think I'd use a symmetric cipher, but the thing you have to be
>> careful of is leaving your passphrase around in plain text (e.g. in a
>> script). Doing this negates many of the benefits of encrypting the data in
>> the first place. :) Sadly I'm not sure of the best answer to this dilemma.
>> bye,
>> Ben
>>
>>
>
>
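
Added example, not code from any poster in this thread: a sketch of the two ideas in Martin Redington's message above, prompting for the passphrase at startup and handing application code a routine instead of the secret. The module name My::CardVault and its methods are hypothetical, Term::ReadKey is assumed to be installed, and it is assumed that startup.pl still has a terminal on STDIN when it runs.

```perl
package My::CardVault;    # hypothetical name, not an existing CPAN module
use strict;
use warnings;
use Crypt::CBC;
use Term::ReadKey qw(ReadMode);

# File-scoped lexical: handlers cannot reach it as $My::CardVault::cipher.
my $cipher;

# Call once from startup.pl in the parent httpd; forked children inherit
# the unlocked object. The passphrase itself is never written to disk.
sub unlock {
    # No terminal means an unattended restart: refuse rather than fall
    # back to a passphrase stored in a file.
    die "card vault: no terminal to read the passphrase from\n"
        unless -t STDIN;
    print STDERR "Card vault passphrase: ";
    ReadMode('noecho');                  # do not echo what is typed
    my $pass = <STDIN>;
    ReadMode('restore');
    print STDERR "\n";
    die "card vault: empty passphrase\n"
        unless defined $pass && $pass =~ /\S/;
    chomp $pass;
    $cipher = Crypt::CBC->new(-key => $pass, -cipher => 'Blowfish');
    return 1;
}

# Application code calls these and never handles the passphrase.
sub seal   { _ready(); return $cipher->encrypt_hex($_[1]) }
sub unseal { _ready(); return $cipher->decrypt_hex($_[1]) }
sub _ready { die "card vault is locked\n" unless $cipher }

# Run directly (perl CardVault.pm) for a round trip on a constructed
# test number; under mod_perl, startup.pl would call unlock() instead.
unless (caller) {
    My::CardVault->unlock;
    my $stored = My::CardVault->seal('4111111111111111');
    print "stored in db: $stored\n";
    print "recovered:    ", My::CardVault->unseal($stored), "\n";
}

1;
```

This keeps the passphrase out of source and config files, but the derived key still lives in the memory of every httpd child that inherits the object.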

Re: ssl encryption

Posted by Fabrice Scemama <ge...@scemama.org>.
Yes, it's possible. To achieve this, you should use asymmetric
encryption, and *not* store the private key in the server.
Then, the question remains: how can I have the server safely
decrypt on demand?! One possible solution could be to store
the private key in a remote server, dedicated to the unique
task of decrypting the sensitive data. A secure tunnel could be
established between the two servers, so as to communicate the
encrypted text, and get back the decrypted text safely.

You could even add security by storing the private key in a
smartcard, and having the smartcard reader connected to the
server. Decryptions would have to be done within the smartcard.
It's completely possible, but you almost certainly don't want such
CPU-expensive operations to be done within an 8-bit smartcard!

On Thu, 14 Jun 2001, Kevin Schroeder wrote:

> This would make an interesting discussion because I've had the same question
> come up in my mind.  How do you encrypt things on your server without giving
> out the passphrase?  Is it even possible to keep the key in the same
> location as the program using it and still maintain security?
> 
> Kevin
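
Added example, not code from the thread: the split described in Fabrice Scemama's message above, with the web server holding only the public key. It uses Crypt::OpenSSL::RSA with OAEP padding as the asymmetric cipher (a module choice made here, not one named in the thread); the function names and the card number are constructed, and both hosts are simulated in one script.

```perl
use strict;
use warnings;
use Crypt::OpenSSL::RSA;
use MIME::Base64 qw(encode_base64 decode_base64);

# Key generation: done once, on the decryption host, never on the web server.
my $pair        = Crypt::OpenSSL::RSA->generate_key(2048);
my $public_pem  = $pair->get_public_key_x509_string;  # copied to the web server
my $private_pem = $pair->get_private_key_string;      # stays on the decryption host

# Web server side: needs only the public key to store a card number.
sub seal_card {
    my ($pub_pem, $card) = @_;
    my $rsa = Crypt::OpenSSL::RSA->new_public_key($pub_pem);
    $rsa->use_pkcs1_oaep_padding;
    return encode_base64($rsa->encrypt($card), '');   # text-safe for a db column
}

# Decryption host side: the only place the private key is loaded.
sub open_card {
    my ($priv_pem, $b64) = @_;
    my $rsa = Crypt::OpenSSL::RSA->new_private_key($priv_pem);
    $rsa->use_pkcs1_oaep_padding;
    return $rsa->decrypt(decode_base64($b64));
}

my $card   = '4111111111111111';                      # constructed test number
my $stored = seal_card($public_pem, $card);

# The web server cannot reverse its own ciphertext: a public-only key
# object refuses to decrypt, so decrypt() dies and eval returns undef.
my $web_key = Crypt::OpenSSL::RSA->new_public_key($public_pem);
$web_key->use_pkcs1_oaep_padding;
my $leak = eval { $web_key->decrypt(decode_base64($stored)) };

print "db column value:           ", substr($stored, 0, 32), "...\n";
print "web server can decrypt:    ", (defined $leak ? "yes" : "no"), "\n";
print "decryption host recovers:  ", open_card($private_pem, $stored), "\n";
```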


Re: ssl encryption

Posted by Kevin Schroeder <mi...@mirageworks.com>.
This would make an interesting discussion because I've had the same question
come up in my mind.  How do you encrypt things on your server without giving
out the passphrase?  Is it even possible to keep the key in the same
location as the program using it and still maintain security?

Kevin

----- Original Message -----
From: "Benjamin Trott" <be...@rhumba.pair.com>
To: "modperl" <mo...@apache.org>
Sent: Thursday, June 14, 2001 5:00 PM
Subject: Re: ssl encryption


> > When Apache is serving an SSL connection, I assume that everything
> > sent back and forth between the server and the client is encrypted.
> > I want a mod_perl script to encrypt/decrypt credit card numbers
> > obtained over the SSL connection for storage in a db on the server.
> > Is there any access to the same routines that Apache is using for the
> > encryption, or do I have to use some other module?  If I have to use
> > another module, what would be a good choice?
>
> You could use either an asymmetric cipher or a symmetric cipher.
>
> An example of the former is Crypt::RSA (Crypt::DSA is another, but DSA is
> used only for signing/verification, not for encryption/decryption).
>
> A good, fast example of the latter is Crypt::Blowfish. Used together with
> Crypt::CBC, you get Blowfish in CBC mode:
>
>     use Crypt::CBC;
>     my $cipher = Crypt::CBC->new('passphrase', 'Blowfish');
>     my $ciphertext = $cipher->encrypt('data');
>     my $plaintext = $cipher->decrypt($ciphertext);
>
> In other words, you use the same passphrase to both encrypt and decrypt the
> data (i.e. symmetric).
>
> Personally, I think I'd use a symmetric cipher, but the thing you have to be
> careful of is leaving your passphrase around in plain text (e.g. in a
> script). Doing this negates many of the benefits of encrypting the data in
> the first place. :) Sadly I'm not sure of the best answer to this dilemma.
>
> bye,
> Ben
>
>


Re: ssl encryption

Posted by Benjamin Trott <be...@rhumba.pair.com>.
> When Apache is serving an SSL connection, I assume that everything
> sent back and forth between the server and the client is encrypted.
> I want a mod_perl script to encrypt/decrypt credit card numbers
> obtained over the SSL connection for storage in a db on the server.
> Is there any access to the same routines that Apache is using for the
> encryption, or do I have to use some other module?  If I have to use
> another module, what would be a good choice?

You could use either an asymmetric cipher or a symmetric cipher.

An example of the former is Crypt::RSA (Crypt::DSA is another, but DSA is
used only for signing/verification, not for encryption/decryption).

A good, fast example of the latter is Crypt::Blowfish. Used together with
Crypt::CBC, you get Blowfish in CBC mode:

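    use Crypt::CBC;
    # Positional form: passphrase first, then the cipher module name.
    my $cipher = Crypt::CBC->new('passphrase', 'Blowfish');
    # The same object, keyed by the one passphrase, works in both directions.
    my $ciphertext = $cipher->encrypt('data');
    my $plaintext = $cipher->decrypt($ciphertext);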

In other words, you use the same passphrase to both encrypt and decrypt the
data (i.e. symmetric).

Personally, I think I'd use a symmetric cipher, but the thing you have to be
careful of is leaving your passphrase around in plain text (e.g. in a
script). Doing this negates many of the benefits of encrypting the data in
the first place. :) Sadly I'm not sure of the best answer to this dilemma.

bye,
Ben