Geek Answers Handbook

PHP sends encrypted data to url

I am trying to send encrypted data at a URL to another site (using file_get_contents("anotherUrl.php?hash=$encryptedString") . The problem is that sometimes encryption contains some special characters, for example +, and this causes decryption to fail.

Here are my encryption / decryption methods:

 public function encrypt($string, $key) { return base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, md5($key), $string, MCRYPT_MODE_CBC, md5(md5($key)))); } public function decrypt($encrypted, $key) { return rtrim(mcrypt_decrypt(MCRYPT_RIJNDAEL_256, md5($key), base64_decode($encrypted), MCRYPT_MODE_CBC, md5(md5($key))), "\0"); }

Here is an example of an encrypted string that contains + , and I assume that this causes decryption to fail.

oWCrVPaS+5GbxcQFc0fulUk/zRAkDD60av4zlPiWskE=

Any ideas how I should solve this? I tried to make urlencode() and urldecode() on the hash, however this also urldecode() encryption. Is there a way to change the encryption algorithm to make it return only safe URL characters?

+9
php base64 url-encoding encryption mcrypt
source share
4 answers

Take a look at this topic:

Passing base64 encoded strings to URL

Essentially, you DO want urlencode() before sending the string, however on the other end you DO NOT want urldecode() .

+18
source share

To solve this problem, I now use the following (after 3 hours of pain) and it works fine.

Feel free to copy and paste

 function encrypt($pure_string) { $dirty = array("+", "/", "="); $clean = array("_PLUS_", "_SLASH_", "_EQUALS_"); $iv_size = mcrypt_get_iv_size(MCRYPT_BLOWFISH, MCRYPT_MODE_ECB); $_SESSION['iv'] = mcrypt_create_iv($iv_size, MCRYPT_RAND); $encrypted_string = mcrypt_encrypt(MCRYPT_BLOWFISH, $_SESSION['encryption-key'], utf8_encode($pure_string), MCRYPT_MODE_ECB, $_SESSION['iv']); $encrypted_string = base64_encode($encrypted_string); return str_replace($dirty, $clean, $encrypted_string); } function decrypt($encrypted_string) { $dirty = array("+", "/", "="); $clean = array("_PLUS_", "_SLASH_", "_EQUALS_"); $string = base64_decode(str_replace($clean, $dirty, $encrypted_string)); $decrypted_string = mcrypt_decrypt(MCRYPT_BLOWFISH, $_SESSION['encryption-key'],$string, MCRYPT_MODE_ECB, $_SESSION['iv']); return $decrypted_string; }
+7
source share

Instead of using Base64 to encode your data, you can also use Base32 (RFC 4648), which is URL-safe because it uses only the letters A - Z (case insensitive) and the numbers 2-7. There is already a PHP library for encoding / decoding. Please note that Base32 takes ~ 20% more space than Base64.

You can also use URLcrypt, which is a handy library that helps you with Base32 encryption and encryption.

+4
source share
 class Encryption { var $skey = "SuPerEncKey2010"; // you can change it public function safe_b64encode($string) { $data = base64_encode($string); $data = str_replace(array('+','/','='),array('-','_',''),$data); return $data; } public function safe_b64decode($string) { $data = str_replace(array('-','_'),array('+','/'),$string); $mod4 = strlen($data) % 4; if ($mod4) { $data .= substr('====', $mod4); } return base64_decode($data); } public function encode($value){ if(!$value){return false;} $text = $value; $iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB); $iv = mcrypt_create_iv($iv_size, MCRYPT_RAND); $crypttext = mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $this->skey, $text, MCRYPT_MODE_ECB, $iv); return trim($this->safe_b64encode($crypttext)); } public function decode($value){ if(!$value){return false;} $crypttext = $this->safe_b64decode($value); $iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB); $iv = mcrypt_create_iv($iv_size, MCRYPT_RAND); $decrypttext = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $this->skey, $crypttext, MCRYPT_MODE_ECB, $iv); return trim($decrypttext); } }
0
source share

More articles:


All Articles