Remi Collet:
ZipArchive with encryption
Mar 03, 2017 @ 12:56:56

In this new post Remi Collet focuses on the use of the zip extension and using the ZipArchive functionality to create encrypted archives with PHP.

Point of the situation with the development of zip extension version 1.14.0 which implements support of encrypted archives.

This new feature implementation relies on libzip library new version 1.2.0. For now, only build using system library is supported for this new feature, but an update of the bundled library is planned. When everything will be validated, version will be released and merged in php sources (ext/zip), probably in PHP 7.2.

This development is in progress, nothing final, proposed methods still can change.

The tutorial shows how to get the package installed (via a clone of the GitHub repository) and how to work with encrypted archives, creating and reading their contents.

tagged: tutorial ziparchive zip extension encrypted

Link: https://blog.remirepo.net/post/2017/03/01/ZipArchive-with-encryption

AWS Developer Blog:
Automating the Deployment of Encrypted Web Services with the AWS SDK for PHP (Pa
Feb 17, 2017 @ 12:25:48

The Amazon Web Services blog has posted the second part of their series covering the automated deployment of encrypted web services with the AWS SDK. In this new tutorial (part two, part one is here) they continue with the deployment of services: AWS Elastic Beanstalk, Amazon Route 53 and Amazon CloudFront.

In the first post of this series, we focused on how to use Amazon Route 53 for domain registration and use Amazon Certificate Manager (ACM) to create SSL certificates. With our newly registered domain available for use, we can proceed to deploy and configure the services we need to host the www.dev-null.link website across an encrypted connection. Once complete, the infrastructure configuration will reflect the diagrams [included in the post].

The tutorial then walks you through each of the services you need to deploy and shares the code (using the AWS PHP SDK) to show how to automate the process. There are also a few screenshots of various page results and admin UIs to help you be sure you're in the right place.

tagged: aws amazon deployment encrypted webservice sdk tutorial series part2

Link: https://aws.amazon.com/blogs/developer/automating-the-deployment-of-encrypted-web-services-with-the-aws-sdk-for-php-part-2/

Kevin Schroeder's Blog:
Encrypted session handler
Nov 17, 2010 @ 09:54:36

In a new post to his blog Kevin Schroeder shares an encrypted session handler he's created to keep sensitive information away from prying eyes (since session data is usually plain text). The result ended up in a component easily used in a Zend Framework application.

A little while ago I had come upon the problem of having to store sensitive data in a user session. The solution that I (and several others) came upon was creating a mechanism for storing encrypted data in a session. But what we wanted to do was build something that didn't have a single point of failure. We also wanted to build something portable. What we built was a simple Zend Framework session handler for storing sensitive data.

The class - App_Session_Secure_Namespace - extends the standard Zend namespace and uses the mcrypt functionality to encrypt (and decrypt) the session data. The setup uses a cookie for the initialization vector (domain based, naturally) making it very difficult for someone to access the encrypted session information outside of the application.

tagged: zendframework encrypted session handler tutorial


Rob Richards' Blog:
WS-* for PHP
Mar 23, 2010 @ 09:14:02

Rob Richards has posted about some updates that have been made to the WSE-PHP project to include support for dealing with encrypted SOAP messages. He talks some about the implementation and how it can help secure your application.

Support for dealing with encrypted SOAP messages was a feature that had been missing from my WS-* libraries pretty much due to my lack of time to implement it. When people ask for help interoperating with a SOAP server that requires encryption I typically just point them over to the WSF project. [...] I decided to finally set aside some time and implement the encryption/decryption portion of the library. Note that it was developed against some WCF services implementing message level security, so your mileage might vary against other platforms. Bug reports would be the fastest way of getting any of those issues dealt with.

The WSE-PHP project lives on the Google Code site and provides support for a portion of WS-Addressing and WS-Security that can be used with ext/soap in PHP. To use the library, you'll need to have the xmlseclibs library already installed.

tagged: encrypted soap message wsf library wsephp