ReTweet
Author: Nick Daniels
Posted on: 2015-11-12
Package: PHP Ghost Crypt
This is a solution for a more secure Hash, involving Public and Private Key Hashes by Dave Smith for Ghost Crypt; also Known for Ghost Hash.
Here is my solution for a private hash
file: ghosthash.class.php
<?php
class ghostHash
{
public static function returnHash($publicKey){
$privateKey = 'addalittlepepper';
return md5($privateKey.$publicKey);
}
}
Change the $pepper variable to your own private key
1a) for max protection place the ghosthash.class.php file in a private folder on the server.
1b) for less protection if you don't have access to non web accessible folders, place it in the document root
2a) set the auto_prepend_file setting in php.ini to point to this file. example, auto_prepend_file = '/path/to/ghosthash.class.php'
3a) restart your server
2b) if you don't have access to the php.ini file and are not able to restart the server, set the auto_prepend_file setting in .htaccess by adding this line... php_value auto_prepend_file /path/to/ghosthash.class.php
3b) if your host does not allow you to change ini settings in .htaccess, contact them for their specific requirements, like a user defined ini file, etc...
Once this is set up properly, you can get a private hash using a public key by calling the static method...
ghosthash::returnHash(string publicKey);
encrypting using this ghost hash will always ensure that the file will have a valid public key and only on a system where the private hash is valid. It will now be safe to show the public key in the self executing encrypted file.
Dave
file: ghosthash.class.php
<?php
class ghostHash
{
public static function returnHash($publicKey){
$privateKey = 'addalittlepepper';
return md5($privateKey.$publicKey);
}
}
Change the $pepper variable to your own private key
1a) for max protection place the ghosthash.class.php file in a private folder on the server.
1b) for less protection if you don't have access to non web accessible folders, place it in the document root
2a) set the auto_prepend_file setting in php.ini to point to this file. example, auto_prepend_file = '/path/to/ghosthash.class.php'
3a) restart your server
2b) if you don't have access to the php.ini file and are not able to restart the server, set the auto_prepend_file setting in .htaccess by adding this line... php_value auto_prepend_file /path/to/ghosthash.class.php
3b) if your host does not allow you to change ini settings in .htaccess, contact them for their specific requirements, like a user defined ini file, etc...
Once this is set up properly, you can get a private hash using a public key by calling the static method...
ghosthash::returnHash(string publicKey);
encrypting using this ghost hash will always ensure that the file will have a valid public key and only on a system where the private hash is valid. It will now be safe to show the public key in the self executing encrypted file.
Dave
You need to be a registered user or login to post a comment
1,472,243 PHP developers registered to the PHP Classes site.
Be One of Us!
Login Immediately with your account on:
 |  | ||
 |  | ||
 |  |
Comments:
2. Ghost Crypt - GP Das (2015-11-17 06:58)
Syntax Error... - 0 replies
Read the whole comment and replies
1. Thanks - Dave Smith (2015-11-12 13:49)
for the honorable mention... - 0 replies
Read the whole comment and replies
