PHP Developer Solutions

Encryption and Key Management for Compliance

A variety of compliance regulations now require that enterprise customers separate encryption keys from the data that they protect. For PHP developers, this means storing encryption keys on an external appliance designed for this purpose, and securely retrieving those keys in PHP applications as they are needed for encryption and decryption tasks. Alliance Key Manager is an affordable solution that meets all compliance regulations for the secure creation, management, storage, and distribution of encryption keys. Alliance Key Manager is FIPS 140-2 certified (certificate number 1449) and is perfect for use in PHP applications.

Encryption can be a challenge for PHP developers. The Alliance AES Encryption libraries for Linux and Unix platforms give PHP developers a way to incorporate NIST-certified AES encryption into their PHP applications.

PHP Encryption Key Retrieval

Any application that can create a secure and authenticated TLS connection to the Alliance Key Manager (AKM) can request and receive encryption keys. PHP directly supports TLS communications and can retrieve keys from AKM. You store the client-side certificate and private key files on your local system and reference them in your PHP application, make the TLS connection, format the key retrieval request, and retrieve an encryption key for use in your application. A technical HOWTO document provides sample code that you can use as a starting point in your applications.
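The connection step described above, as an added example that is not the vendor's HOWTO sample code. The function names, host, port, and file paths are assumptions; the key retrieval request format is defined in the vendor documentation and is not shown here.

```php
<?php
// Hypothetical helper (not from the vendor's HOWTO): builds a TLS context that
// authenticates both sides. All paths and the peer name are placeholders.
function key_server_context(string $caFile, string $certFile, string $keyFile, string $peerName)
{
    foreach ([$caFile, $certFile, $keyFile] as $path) {
        if (!is_readable($path)) {
            throw new RuntimeException("cannot read $path");
        }
    }
    // The client private key authenticates this application to the key server,
    // so refuse to use it if group or other users can access the file.
    if ((fileperms($keyFile) & 0077) !== 0) {
        throw new RuntimeException("$keyFile must be owner-only (chmod 600)");
    }
    return stream_context_create(['ssl' => [
        'cafile'              => $caFile,    // trust only the key server's issuing CA
        'local_cert'          => $certFile,  // client certificate presented to the server
        'local_pk'            => $keyFile,   // matching client private key
        'verify_peer'         => true,       // reject servers not signed by $caFile
        'verify_peer_name'    => true,       // reject certificates issued for another host
        'peer_name'           => $peerName,
        'allow_self_signed'   => false,
        'disable_compression' => true,
        'crypto_method'       => STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT, // no older protocols
    ]]);
}

// Opens the mutually authenticated connection; fails closed on any TLS error.
function open_key_server(string $host, int $port, $context, float $timeout = 5.0)
{
    $conn = @stream_socket_client("tls://$host:$port", $errno, $errstr, $timeout,
                                  STREAM_CLIENT_CONNECT, $context);
    if ($conn === false) {
        throw new RuntimeException("TLS connection failed: $errstr ($errno)");
    }
    stream_set_timeout($conn, (int) ceil($timeout));
    return $conn;
}

// Run: php connect.php <host> <port> <ca.pem> <client-cert.pem> <client-key.pem>
if (PHP_SAPI === 'cli' && isset($argv) && count($argv) === 6) {
    [, $host, $port, $ca, $cert, $key] = $argv;
    $conn = open_key_server($host, (int) $port, key_server_context($ca, $cert, $key, $host));
    $meta = stream_get_meta_data($conn);
    echo "connected, protocol: ", $meta['crypto']['protocol'] ?? 'unknown', "\n";
    fclose($conn);
}
```

Because the client private key is the application's credential to the key server, keep it outside the web root and readable only by the account that runs PHP.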

Wire Protocol Eliminates Libraries

The interface to the Alliance Key Manager is a “wire” protocol. This means that no client-side software is required for key retrieval. You will not need to write wrapper code around shared libraries, or use similar techniques for key retrieval. The PHP language has all of the features needed to retrieve keys. This also means that you will not have complex package update requirements for your Linux or Unix operating environment.

Alliance Key Manager Documentation and Sample Code

The Alliance Key Manager product CD contains documentation on the use of the Alliance Key Manager from PHP programs and sample application code that you can use to get started.

Encryption Key Management APIs

Most enterprise customers use the Linux security administrator’s command line application, or the Alliance Windows key management application, to create and manage encryption keys on the Alliance Key Manager appliance. However, there are certain applications that need to perform key management functions under program control. Through the Linux command line console application, Alliance Key Manager provides commands for all of the normal encryption key management functions, including creating encryption keys, rotating keys, revoking keys, and so forth. More than 80 commands are provided for every aspect of key management. You can create your own PHP interfaces to the command line application to manage keys.

AES Encryption Libraries

Townsend Security provides NIST-certified AES encryption libraries on a wide variety of platforms including Linux and Unix. On Linux and Unix systems the software is delivered as a shared library in the package format appropriate for the OS. You can use PHP Extensions to access these AES encryption functions. These AES libraries are NIST certified through the AES Validation program, and interoperate with Townsend AES libraries on a variety of other platforms including Linux, Unix, IBM i (AS/400, iSeries), and IBM System z Mainframe platforms. You can encrypt on one platform and decrypt on a different platform without exposing the data during transport.

Tokenization for PHP Developers

Tokenization is an alternative data protection method that preserves the format of the original data. The Townsend Alliance Token Manager solution provides tokenization services to PHP applications and to applications on all other major operating systems.