Geek Answers Handbook

What is the best way to encrypt / decrypt a json string

I have a web server running mysql and php that send data to json string.

I have a second web server that reads the data and then displays them.

At the moment, everything is working fine.

I need to add some important data to a string, so I was wondering what is the best way to encrypt / decrypt json using php?

Can someone help !?

+8
json php mysql
source share
6 answers

I am sure that the best way is to use SSL (HTTPS), and I recommend that you read the OWASP Handbook and especially the Help Section .

+9
source share

I always liked MCRYPT

//Key $key = 'SuperSecretKey'; //To Encrypt: $encrypted = mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $key, 'I want to encrypt this', MCRYPT_MODE_ECB); //To Decrypt: $decrypted = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, $encrypted, MCRYPT_MODE_ECB);

If this is what you are looking for. It will treat JSON as a string, and then after decrypting it, you will need to do your json_decode() or whatever you do.

+13
source share

It really depends on how sensitive the data is. However, from my experience, simple php encryption usually does the trick. I usually encrypted sensitive fields in json data fields before encoding them in a json string.

Here is the code for the encryption part.

$ key = 'password for (en / de) crypt'; $ string = 'string for encryption'; // mark spaces

Encrypt:

 $encrypted = base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, md5($key), $string, MCRYPT_MODE_CBC, md5(md5($key))));

To decrypt:

 $decrypted = rtrim(mcrypt_decrypt(MCRYPT_RIJNDAEL_256, md5($key), base64_decode($encrypted), MCRYPT_MODE_CBC, md5(md5($key))), "\0");

However, you should always use hash (MD5, SHA1) passwords, preferably with some salt.

+5
source share

Store the private key on the server and use DES encryption; This is a two-way algorithm.

EDIT:

According to the comments, it seems I misinterpreted the question. My assumption was that the OP would like to send encrypted data on the Internet, like in an email or something, and then return the data later and be able to decrypt it. I will definitely clarify future comments in the future before posting a response.

+1
source share

Use Open SSL:

http://www.php.net/manual/en/book.openssl.php

You can create a public / private key pair without the need to use https if it is not available.

0
source share

Of course, SSL (HTTPS) is required for secure data transfer over the Internet.

But there are still reasons to encrypt json data before you send it.

I am having a problem with json data encryption. This was caused by "\ t" in json data. Before encryption, you must delete them. Otherwise, there will be a problem when you want to decrypt it back to propper json format.

$ plain_txt = str_replace ("\ r", '', $ plain_txt);

$ plain_txt = str_replace ("\ n", '', $ plain_txt);

$ plain_txt = str_replace ("\ t", '', $ plain_txt);

See a working example: https://gist.github.com/petermuller71/33616d55174d9725fc00a663d30194ba

-one
source share

More articles:


All Articles