I want to write an emergency update module, the idea is to 'eval' the incoming code from me. Only here is one thing, the problem is security. It turns out someone left can send such a request. Heard about one-way cryptography algorithms, such as AES256. How can I encrypt the necessary code and execute in PHP?

  • one
    "Heard about one-way cryptography algorithms, such as AES256." Badly heard. AES is a symmetric encryption algorithm and everything that is encrypted by it can be decrypted if there is a key. You should look towards EDS. - Vladimir Martyanov
  • It should be so. I send the encrypted code, on the client side it is decrypted by key, if successful, it is executed. - Filipp Mustang
  • Then what is the question? How to encrypt - as you wish. RC4 / AES / Blowfish / God knows what. - Vladimir Martyanov
  • The question of implementation. - Filipp Mustang
  • one
    @FilippMustang you correctly said, look in the direction of the EDS, i.e. asymmetric encryption. The fact is that symmetric algorithms allow an attacker to find out your decryption key (and it will be in the source code of the function performing eval), encrypt its arbitrary code with such a key and give it to the execution and it will be decrypted and executed. And asymmetric algorithms will allow the performing party to always know that the code has been received from you, since it is encrypted with your private key, unknown to anyone but you - Mike

0