I generated a public and private key to use for encryption purposes. There is a passphrase connected to the private key but I know I shouldn't be showing it in plain text like this.
What should I do to protect this password so it isn't shown in plain-text?
// $data = encrypted data using RSA public key
// $key = the key that came along with the encrypted data
// find private key
$pkeyid = openssl_get_privatekey("file:///path/to/private.pem", "PASSWORD");
// try and decrypt the data using private key
// if all went well, show decrypted data
if ($pkeyid !== false && openssl_open($data, $decrypted_data, $key, $pkeyid)) {
    echo $decrypted_data;
}
There are various ways to do this. To what extent do you need to go to protect your password(s)?
Why not save it in a secure file and read it in when needed?
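One way to do what the comment above suggests, as an added example that is not part of the original thread: the passphrase lives in a file outside the web root and is read only when the key is loaded. The passphrase path and the function names `read_passphrase` and `load_private_key` are hypothetical, and the permission check assumes a POSIX filesystem.

```php
<?php
// Added example: load the private-key passphrase from a file kept outside the
// web root instead of hard-coding it in the script.
const PASSPHRASE_FILE  = '/etc/myapp/private_key.pass'; // hypothetical path, owner-only (0400)
const PRIVATE_KEY_FILE = 'file:///path/to/private.pem'; // path from the question

function read_passphrase(string $path): string
{
    $stat = @stat($path);
    if ($stat === false) {
        throw new RuntimeException('Passphrase file is missing or unreadable');
    }
    // Refuse a file that group or other users can read, write or execute.
    if (($stat['mode'] & 0077) !== 0) {
        throw new RuntimeException('Passphrase file permissions are too open');
    }
    $secret = file_get_contents($path);
    // Editors usually append a newline; strip it so the passphrase matches.
    if ($secret === false || ($secret = rtrim($secret, "\r\n")) === '') {
        throw new RuntimeException('Passphrase file is empty or unreadable');
    }
    return $secret;
}

function load_private_key(string $keyFile, string $passphraseFile)
{
    $pkey = openssl_pkey_get_private($keyFile, read_passphrase($passphraseFile));
    if ($pkey === false) {
        // Log the reason server-side; never echo OpenSSL errors to the client.
        error_log('Could not load private key: ' . openssl_error_string());
        throw new RuntimeException('Private key could not be loaded');
    }
    return $pkey;
}

// Usage, mirroring the question ($data and $key arrive with the message):
// $pkeyid = load_private_key(PRIVATE_KEY_FILE, PASSPHRASE_FILE);
// if (openssl_open($data, $decrypted_data, $key, $pkeyid)) { echo $decrypted_data; }
```

The passphrase file should be owned by the account PHP runs as and kept out of version control and backups that are less protected than the key itself.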
Below is a list of levels you can go through to ensure maximum protection of master keys. Each step will add more protection to the previous step.