Needing a crypt/decrypt fair of functions

Forum Moderators: coopster

Message Too Old, No Replies

Needing a crypt/decrypt fair of functions

passing sensitive data

httpwebwitch

6:07 pm on Nov 18, 2003 (gmt 0)

For legal reasons, I can't have any non-encrypted data being passed around in GET, POST, SESSION, or any other collection.

I need to pass a little morsel of text (under 100 chars) from Script A to Script B, encrypted en route. Script B needs to be able to decrypt it flawlessly back to its original state.

I can easily have a key in both scripts.

The functions need to handle a string using the entire Unicode set, including punctuation, accented characters, etc.

Do any of you know a good way to do this? Is there a pair of functions that will do a nice 2-way encryption?

Thanks,
httpwebwitch

jatar_k

6:15 pm on Nov 18, 2003 (gmt 0)

why not just get a secure certificate and use https?

I guess you might have to change your nick the to httpswebwitch ;)

DrDoc

7:48 pm on Nov 18, 2003 (gmt 0)

https is the way to go... :)

httpwebwitch

8:23 pm on Nov 18, 2003 (gmt 0)

https is not going to work in this case :-(

I should more clearly explain what I want - I need an "obfuscator" - something that will mungle up some data in the querystring so it's unreadable. Then a corresponding function to un-obfuscate it.

I could spend a few hours making a simple cipher that MODs ASCII codes around using a key, but I'm looking for a nice, well-tested cookbook solution.

Timotheos

8:33 pm on Nov 18, 2003 (gmt 0)

Would this work?
ht*p://www.hansanderson.com/php/crypto/

DrDoc

10:28 pm on Nov 18, 2003 (gmt 0)

And it wouldn't work to store the data in a database, and delete it after retreiving it on the next page?

jatar_k

10:31 pm on Nov 18, 2003 (gmt 0)

the only problem is if you use a cookbook solution the algo for encrypt/decrypt is floating around out there. If legal is that strict then you would have to do a custom job.

Why wouldn't https work? Not that I don't believe you, just a strange situation.

jomaxx

5:51 am on Nov 19, 2003 (gmt 0)

The algo shouldn't matter, as long as you have a secure and sufficiently long password/encryption key. Although in theory a hacker could submit the form numerous times with different inputs, and use the data to break the code.

I guess this is going from one domain to another? Otherwise you could just store the data client-side, in a cookie.

httpwebwitch

9:21 pm on Nov 26, 2003 (gmt 0)

ht*p://www.hansanderson.com/php/crypto/

That's exactly what I needed. thanks!