Dave Smith - 2015-11-09 05:42:54
Here is my solution for a private hash
file: ghosthash.class.php
<?php
class ghostHash{
public static function returnHash($publicKey){
$pepper = 'addalittlepepper';
return md5($pepper.$publicKey);
}
}
$ghostHash = new ghostHash();
?>
Change the $pepper variable to your own private key
1a) for max protection place the ghosthash.class.php file in a private folder on the server.
1b) for less protection if you don't have access to non web accessible folders, place it in the document root
2a) set the auto_prepend_file setting in php.ini to point to this file. example, auto_prepend_file = '/path/to/ghosthash.class.php'
3a) restart your server
2b) if you don't have access to the php.ini file and are not able to restart the server, set the auto_prepend_file setting in .htaccess by adding this line... php_value auto_prepend_file /path/to/ghosthash.class.php
3b) if your host does not allow you to change ini settings in .htaccess, contact them for their specific requirements, like a user defined ini file, etc...
Once this is set up properly, you can get a private hash using a public key by calling the static method...
ghosthash::returnHash(string publicKey);
encrypting using this ghost hash will always ensure that the file will have a valid public key and only on a system where the private hash is valid. It will now be safe to show the public key in the self executing encrypted file.
Dave
