There should be no reason why the public and private keys need to be embedded in the PHP script. PHP can read from files - however, this is not necessarily any more secure. The PHP sources shouldn't be pubilcly accessible on a secure setup. Regards, Michael Erskine.