Public key enryption of form data

Hi all.

As i've seen that some people were asking how to encrypt the form data to mail or store in a database, i decieded to post my solution here.
I have no time write a complete tutorial or comment the code or translate all german words, but i think it could help some guys.

Please note: This is really quick and dirty (especially the Java) code and i have no time to answer questions to the code here or via mail.
So don't waste your time by writing me mails or post questions here.(well, maybe some other guys can help you)


Ok, let's start.

The encryption is done with PHP's openssl_seal() method and the form data is attached as encrypted cvs file to the mail and all other attachments (like uploaded files) are encrypted too.
To wrap the encrypted envelope and the encrypted data i use a simple xml file. The decryption is done by a simple java app: http://rapidshare.com/files/168757336/DeSeal.tar.bz2.html
Where the java app base on the code by Harry Fuecks http://blog.local.ch/archive/2007/10/29/openssl-php-to-java.html

Here is the sample form code:

<fieldset>
    <div class="form_item">
        <div class="form_element cf_dropdown">
            <label class="cf_label">Anrede:</label><select id="select_20" size="1" name="anrede" title="Bitte treffen Sie eine Auswahl">
                <option value="none">Bitte wählen:</option>
                <option value="Herr">Frau</option>
                <option value="Herr">Herr</option>
            </select>
        </div>

        <div class="clear">
             
        </div>
    </div>
	<div class="form_item">
		<div class="form_element cf_fileupload">
			<label class="cf_label">Passbild</label>
			<input class="cf_inputbox" size="20" id="file_0" name="passbild" type="file"><a style="margin-left: 200px;" onclick="return false;" class="tooltiplink"><img src="components/com_chronocontact/css/images/tooltip.png" class="tooltipimg" border="0" height="16" width="16" /></a>
            		<div class="tooltipdiv">
                		:: Wenn Sie einen Mitgliedsausweis mit Lichtbild wünschen können Sie dieses hier hochladen. Das Bild muss die Dateindung ".jpg" oder ".png" haben und darf maximal 2 MB groß sein.
				Wenn Sie kein Bild hochladen wird ihr Mitgliedsausweis nur in Verbindung mit einem amtlichen Lichtbildausweis gültig sein.
			</div>
		</div>
		<div class="clear"> </div>
	</div>
    <div class="form_item">
        <div class="form_element cf_textbox">
            <label class="cf_label">Name:</label> <input  maxlength="150" size="30" id="text_5" name="name" type="text" title="Bitte ausfüllen" />
        </div>
        <div class="form_element cf_textbox">
            <label class="cf_label">Vorname:</label> <input  maxlength="150" size="30" id="text_17" name="vorname" type="text" title="Bitte ausfüllen" />
        </div>
        <div class="clear">
             
        </div>
    </div>

    <div class="form_item">
        <div class="form_element cf_textbox">
            <label class="cf_label">Straße:</label> <input  maxlength="150" size="30" id="text_9" name="strasse" type="text" title="Bitte ausfüllen" />
        </div>
        <div class="form_element cf_textbox">
            <label class="cf_label">Hausnummer:</label><input  maxlength="10" size="5" id="text_16" name="hausnummer" type="text" title="Bitte ausfüllen" />
        </div>
        <div class="clear">
             
        </div>
    </div>

    <div class="form_item">
        <div class="form_element cf_textbox">
            <label class="cf_label">Postleitzahl:</label><input class="cf_inputbox" maxlength="5" size="5" id="text_14" name="plz" type="text" title="Bitte ausfüllen" />
        </div>
        <div class="form_element cf_textbox">
            <label class="cf_label">Ort:</label><input  maxlength="150" size="30" id="text_15" name="ort" type="text" title="Bitte ausfüllen" />
        </div>
        <div class="clear">
             
        </div>
    </div>
    <div class="form_item">
        <div class="form_element cf_button1">
            <div>
                <input value="Absenden" class="cf_button1" id="submit" name="submit" type="submit" size="20" />
            </div>
        </div>

        <div class="clear">
             
        </div>
    </div>
</fieldset>

Here is the onSubmit code:

<?php
	$PUBLIC_KEY_FILE = "/path/to/public_key.pem";

	function encrypt_data($pubfile, $outfile, $raw_data) {

		$public_key = openssl_get_publickey(file_get_contents($pubfile));
		
		$ret = openssl_seal($raw_data, $enc_data, $env, array($public_key));
		

		openssl_free_key($public_key);
	
		$xml_output = "<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?>"
			. "<sealed>"
			. "<envelope>" . base64_encode($env[0]) . "</envelope>"
			. "<data>" . base64_encode($enc_data) . "</data>"
			. "</sealed>";

		file_put_contents($outfile, $xml_output);
	}

	foreach ($attachments as $attachment => $file) {
		$filename = $file . ".xml";
		encrypt_data($PUBLIC_KEY_FILE, $filename, file_get_contents($file));
		$attachments[$attachment] = $filename;
	}

	$plainvars = "\"".JRequest::getVar("anrede") ."\","
	. "\"".JRequest::getVar("passbild")  ."\","
	. "\"".JRequest::getVar("name")  ."\","
	. "\"".JRequest::getVar("vorname")  ."\","
	. "\"".JRequest::getVar("strasse")  ."\","
	. "\"".JRequest::getVar("hausnummer")  ."\","
	. "\"".JRequest::getVar("plz")  ."\","
	. "\"".JRequest::getVar("ort")  ."\","
	. "\"".$_SERVER["REMOTE_ADDR"]."\","
	. "\"".date("c", $_SERVER["REQUEST_TIME"])."\"";

	encrypt_data($PUBLIC_KEY_FILE, JPATH_COMPONENT.DS."uploads".DS.$formname.DS."form.cvs.xml", $plainvars);
	$attachments["form_data"] = JPATH_COMPONENT.DS."uploads".DS.$formname.DS."form.cvs.xml";
?>

That's all. Nothing more🙂

Thanks for posting this!

Regards
Max