Solved

Very simple encrypt/decrypt

Posted on 2004-09-12
17
291 Views
Last Modified: 2008-01-09
I need to send a variable containing the direcory and filename of a file that the user will be able to download, with a GET variable. I would like to encrypt this variable, and then decrypt it on the other side, using a very simple encrypt/decrypt scheme.  Something with a salt, but not so complicated as what I have seen. My initial reaction was to serialize it, but as far as I can tell I cant use a salt.
0
Comment
Question by:zixp
  • 7
  • 6
  • 2
  • +2
17 Comments
 
LVL 1

Expert Comment

by:f0rdmstang
Comment Utility
You could use md5 to encrypt but no realy way you can decrypt it.  You could include the md5 in the url and then have a database of some type where you lookup the md5 string you gave them and reference the directory or file.

MD5 String                       Directory/File
djd8sdfdsdfj2o3jf8             files/thisfile.jpg
fdj3jfr90fsld8sdfjk              files/mydoc.doc
dsflkj3999f3kfjsl3               files/workbook.xls

Look up the MD5 that is passed in the url and you have the file they need to get.
0
 
LVL 7

Expert Comment

by:aib_42
Comment Utility
If you have some sort of access to a database or a temporary file, why pass the information through the user anyway? Just create a temporary storage for the filename, give it an ID, and then pass the ID through the user, "decoding" it to a filename on the other side.

If you are working on a *nix server, you have access to System V-type IPC functions as well. You could create a message queue or shared memory area (or even a pipe using system calls), and pass the "id" or the "name" of the IPC object through the user.
0
 

Author Comment

by:zixp
Comment Utility
I would preffer to keep my database out of the equation, because the reason I have to pass the info in a GET var is because I have to create links on the fly for 3000+ files, so if I could encrypt and decrypt (with a secret salt) it would be the best.
0
 
LVL 1

Expert Comment

by:f0rdmstang
Comment Utility
a friend of mine has some JavaScript code that does some encrypt decrypt stuff that might be of help

http://howtocode.net/htc_encode.php

My idea is to feed the encrypted string into the url and pass it to your HTML page that would incrypt it and display a link to the decrypted file path/name.
0
 

Author Comment

by:zixp
Comment Utility
javascript opens some secuity holes that I dont want to deal with
0
 
LVL 48

Expert Comment

by:hernst42
Comment Utility
You can use the mcrypt - functions of PHP if your PHP is compiled with the mcrypt -extension.
There are very good and easy to use crypt/decrypt functions. See: http://de.php.net/mcrypt and there the examples given.
0
 
LVL 1

Accepted Solution

by:
kroplis earned 125 total points
Comment Utility
Well, you can try this - it's fairly simple but kinda hard to crack without salt:

function my_crypt($str2crypt, $salt){

    $max = strlen($salt);
    $counter = 0;
    $output = "";
   
    for($i = 0; $i < strlen($str2crypt); $i++){
        if ($counter == $max)
            $counter = 0;
        $current = ord(substr($str2crypt, $i, 1));
        $salt_current = ord(substr($salt, $counter, 1));
        $modified = $current + $salt_current;
        $output .= dechex($modified);
        $counter++;
    }

    return $output;
}
function my_decrypt($str2decrypt, $salt){

    $max = strlen($salt);
    $counter = 0;
    $output = "";

    for($i = 0; $i < strlen($str2decrypt); $i += 2){
        if ($counter == $max)
                 $counter = 0;
        $current = hexdec(substr($str2decrypt, $i, 2));
        $salt_current = ord(substr($salt, $counter, 1));
        $modified = $current - $salt_current;
        $output .= chr($modified);
        $counter++;
    }

    return $output;
}
--

$crypted = my_crypt("folder/specialzip.zip", "salt");
echo $crypted." - ".my_decrypt($crypted, "salt");
produces:
d9d0d8d8d8d39be7e3c6cfddd4cde6dde38fe6dde3 - folder/specialzip.zip
it also works pretty well with an empty $salt argument.


this what you're looking for?
0
 

Author Comment

by:zixp
Comment Utility
Wow, that was more than I was expecting.  Thanks!
0
Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 
LVL 1

Expert Comment

by:kroplis
Comment Utility
Glad i could help. Besides, I enjoyed the time I spent coding it :)
0
 

Author Comment

by:zixp
Comment Utility
I just realized that the code posted fails when there is a single quote in the file name.  Any ideas on the culprit?
0
 
LVL 1

Expert Comment

by:kroplis
Comment Utility
Umm, it really shouldn't do that. I just tried it myself and it works fine:
$crypted = my_crypt("file_the_'mean'", "booga");
echo $crypted." - ".my_decrypt($crypted, "booga")."\n";

produces

c8d8dbccc0d6d7d4c688cfd4d0d588 - file_the_'mean'

in what way does it fail?
maybe you mixed up double quotes and single quotes somewhere or something like that?
e.g.
$filename = 'file_the_'mean'';

anyway, if the problem persists, You can always do a str_replace($file, "'", "?");
and after decrypting do a str_replace($file, "?", "'");

hope this helps :)
0
 

Author Comment

by:zixp
Comment Utility
if the file has an single quote (like if the file name is: "john doe's summer picture.jpg") it doesnt work right, I have gone through the code (you meant to have an open{ and close } after "if ($counter == $max)" right?) but I cant find what could be causing it.
0
 
LVL 1

Expert Comment

by:kroplis
Comment Utility
Well the bracket thingies are not neccessary, since there's only one statement, but i guess it's more appropriate to use them, anyway :)

anyway, it should all work nicely, if no characters used ASCII value is less than 128, and ' ASCII value is 39. that's weird.

have you tried to replace the apostrophe with a question mark prior to encrypting and then replacing it back after decrypting? that should be a workaround good enough.

the weirdest thing is, it work's perfectly for me - using a salt "booga" i get
ccded7d581c6ded48ed482e2e4d4cec7e18fd7cac5e3e4d9c690d9dfce - john doe's summer picture.jpg

in what way it fails? does the PHP die with an error or does it decrpyt it wrong?
0
 

Author Comment

by:zixp
Comment Utility
it just decrypts wrong and tells me that it cant find the file. It could be in my script  (though I was using it before without the problem), but in the worst case Ill use the '?'. I shouldnt have to post here again, but thank you for coming back to it
0
 
LVL 1

Expert Comment

by:kroplis
Comment Utility
no problem.
good luck in bug hunting :)
if there's a bug in my script, feel free to flame here :)
0
 

Author Comment

by:zixp
Comment Utility
sorry, I feel like such an idiot. I was passing the file name with a get variable to use as the salt, and that was the problem. I set it to use substr($file, -3) instead for the salt (But Ill still pass the whole filename so its not obvious ;)  Thanks again
0
 
LVL 1

Expert Comment

by:kroplis
Comment Utility
hey, at least you have one workaround now in case things go bad :))

Glad i could help :)
0

Featured Post

Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

Join & Write a Comment

Suggested Solutions

These days socially coordinated efforts have turned into a critical requirement for enterprises.
Password hashing is better than message digests or encryption, and you should be using it instead of message digests or encryption.  Find out why and how in this article, which supplements the original article on PHP Client Registration, Login, Logo…
The viewer will learn how to dynamically set the form action using jQuery.
The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now