encrypt_rsa
Encrypt RSA provides public-keys (asymmetrical) encryption method plugins for the Encrypt module, using RSA algorithm . These plugins offer a variety of solution to use public/private key to encrypt - and send - your date safely.
With normal symmetrical cryptography you use the same key to both encrypt and decrypt. Depending by the scenario, this has 2 downside:
- Anyone with enough permissions or even an external attacker can access your key and decrypt your data.
- You need to make sure your key is securely stored, because its the only thing ensuring data safety and privacy.
- You can decrypt the data too, which is something you probably want to avoid if there is a SLA/NDA in place with your client
Asymmetrical cryptography let you encrypt your data with a public key which you can safely store wherever you want, as the only key able to decrypt your data is the private key.
As RSA has got limits on the amount of data you can encrypt, this module use a technique called "Envelope", through standard libraries like OpenSSL or phpseclib.
Cryptography is always an evolving science. This module will try to be compatible with any underlying architecture, however this can have consequences on the level of security you will be able to achieve.
Currently the best solution is to:
- Run this module on PHP 7.x, where the OpenSSL extension allows using AES256 method for encrypting the random key
- Create a public/private RSA key pair, protected by passcode
- Select "Public OpenSSL Seal" encryption method. Protect the private key safely in the environment meant to decrypt.
Check the README.txt for additional info.