Showing posts with label password-protection. Show all posts
Showing posts with label password-protection. Show all posts

Tuesday, October 4, 2022

[FIXED] How to verify the password in PHPExcel generated ".xls" file?

      , , ,      No comments   

Issue

I am generating excel files with extension .xls using PHPExcel library. The excel file is generating. I am using password protection for the document and made only some fields editable. I am doing an Export Import mechanism. It is perfectly working now and I need to add some modification.

My question is

Is it possible to verify the password I given to protect the document? So that I can check it at the time of import

For example

If I protect the document using 

$sheet -> getProtection() -> setPassword('MyPassword');

Is there any function like below for checking the password?

$newsheet -> getProtection() -> verifyPassword('MyPassword');

Any help could be appreciated.


Solution

You should be able to use

$hash = $sheet->getProtection()->getPassword(); // returns a hash
$valid = ($hash === PHPExcel_Shared_PasswordHasher::hashPassword($password));

if($valid) {
    //
}


Answered By - Tom Regner
Answer Checked By - Senaida (PHPFixing Volunteer)

Wednesday, January 12, 2022

[FIXED] How to store private encrypted user data in the database, but make them available to other chosen users?

      , , , ,      No comments   

Issue

firstly, I apologize if my question sounds little confusing, I will try my best to describe my scenario as detailed as possible:

I have website where user can input their personal data about themselves. They are mainly health data, so it's very private and sensitive information. So I need to encrypt this data on the server even then the server is compromised these data are secured because they will be encrypted with each user's password. Of course, user passwords will not be stored as clear-type text on the server, only password hashes.

But my problem is that the website will offer "social function" when user can choose to share some of his/her information with another user. But this would be problem, because I will not have any way of decrypting user private data and so I can't show it to another user.

Can you please give me some options, or at least ideas, how could this be solved ? Preferrably using LAMP environment.


Solution

This can be solved using public-key cryptography:

  1. Generate a public/private key pair for each user; and only ever decrypt the private key temporarily with the user's password.
  2. For each data item, randomly choose a (symmetric) key S and encrypt the data d with it. Store S(d).
  3. Encrypt S with the the public key P+u of the user you want to grant access. Initially, that's the user u whose data you're storing.
  4. Store P+u(S) permanently. Forget all other keys.

Now, when a user u wants to share the data with the user x, do the following:

  1. Decrypt the user's private key P-u with the user's password.
  2. Using that private key, decrypt the stored data: P-u(P+u(S)) = S.
  3. Encrypt S with the public key of the user you want to share the information with.
  4. Store the resulting P+x(S) permanently. Forget all other keys.

Now, when any user x wants to access the data, perform the following process:

  1. Decrypt the user's private key P-x with the user's password.
  2. Find P+x(S). (If it's not stored, that means nobody shared the data with the poor user x).
  3. Using the private key, decrypt the stored data: P-x(P+x(S)) = S.
  4. Using S, decrypt the stored encrypted S(d): S(S(d)) = d.


Answered By - phihag

Total Pageviews

Featured Post

Why Learn PHP Programming

Why Learn PHP Programming A widely-used open source scripting language PHP is one of the most popular programming languages in the world. It...