stackoom
  简体   繁体   中英

Encrypt / Decrypt with Private key

 原文  2011-06-16 18:18:18       php/ flash/ security/ encryption/ private-key

Question

I would like to implement some security in some of the Flash/PHP applications that I have.

I have some Flash apps that communicate with PHP files, and the PHP is sending the data as get string ( eg: name=John&sname=Doe&age=24&balance=12.4 ). Instead of all these variables, I would like it to send a single variable ( eg: flashvar=jr9afgaw9-fg90agfawf7gw ) that would contain those values, so then Flash would decrypt the string and get the real and useful vars.

I want to encrypt this using a private key and use the same private key to decrypt this inside Flash. If someone would want to decode the message PHP sends, he would have to decompile the flash file and find the private key I'm using in Flash to decode the message and then decode it.

The reason I posted here is because I want to use an encryption algorithm that allows only the use of a private key for encryption/decryption.

I'm new in the cryptography field and I'd like some suggestions for this.

Thank you!

3 answers

solution1
 3 ACCPTED  2011-06-16 18:29:46

A "shared private key" is refered to as a symmetric key. The standard symmetric algorithm in use today is AES . I have no idea if php, or flash, have the capability of using AES (Google does), but if they do, you could hard code an AES key in your code and use it to encrypt and decrypt data. However, hard coding a key is very bad cryptography and is little more than obfuscation.

Another thing to keep in mind is the cipher mode you are using. Cipher Block Chaining (CBC) requires the use of an initialization vector (sort of like a salt for a hash), so two of the same values encrypted with the same key, but different IV, will result in differen cipher text. ECB does not need an initialization vector, but is less secure. For your needs I would go with ECB so you dont have to worry about an IV.

Google is a very good way of finding information, you should use it.

solution2
 1  2011-06-16 18:41:58

After a quick search, I saw that ActionScript 3 has support for encryption throught ASCrypt3 library. According to the website, AES Rijndael is supported.

Rijndael is also supported in PHP using the mcrypt extension. Here's a pretty good example taken from the manual : 

$iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB);
$iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
$key = "This is a very secret key";
$text = "Meet me at 11 o'clock behind the monument.";
echo strlen($text) . "\n";

$crypttext = mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $key, $text, MCRYPT_MODE_ECB, $iv);
echo strlen($crypttext) . "\n";

solution3
 0  2011-06-16 20:20:54

If You want to encrypt data I would go with the ASCrypt3o library.
It works very well and supports multiple types of encryption.
You can see a demo of it here click on the secret key tab.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Encrypt and decrypt with the same private key? PHP: Encrypt a file using public key and decrypt using private key phpseclib/jsbn: encrypt with public key in PHP, decrypt with private key in jsbn Encrypt data by using a public key in c# and decrypt data by using a private key in php How can I encrypt and decrypt large string using private key and public key in php? Using code signing private key to encrypt in PHP, need to decrypt in C# using public key Can we Encrypt data with private key in angular and Decrypt data with public key in PHP using RSA Encryption? Encrypt and decrypt a license key in PHP php encrypt decrypt with key in database encrypt and decrypt with phpseclib using rsa public and private key , getting decryption error
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM