?
Solved

Very simple encrypt/decrypt

Posted on 2004-09-12
17
Medium Priority
?
299 Views
Last Modified: 2008-01-09
I need to send a variable containing the direcory and filename of a file that the user will be able to download, with a GET variable. I would like to encrypt this variable, and then decrypt it on the other side, using a very simple encrypt/decrypt scheme.  Something with a salt, but not so complicated as what I have seen. My initial reaction was to serialize it, but as far as I can tell I cant use a salt.
0
Comment
Question by:zixp
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 7
  • 6
  • 2
  • +2
17 Comments
 
LVL 1

Expert Comment

by:f0rdmstang
ID: 12041100
You could use md5 to encrypt but no realy way you can decrypt it.  You could include the md5 in the url and then have a database of some type where you lookup the md5 string you gave them and reference the directory or file.

MD5 String                       Directory/File
djd8sdfdsdfj2o3jf8             files/thisfile.jpg
fdj3jfr90fsld8sdfjk              files/mydoc.doc
dsflkj3999f3kfjsl3               files/workbook.xls

Look up the MD5 that is passed in the url and you have the file they need to get.
0
 
LVL 7

Expert Comment

by:aib_42
ID: 12041103
If you have some sort of access to a database or a temporary file, why pass the information through the user anyway? Just create a temporary storage for the filename, give it an ID, and then pass the ID through the user, "decoding" it to a filename on the other side.

If you are working on a *nix server, you have access to System V-type IPC functions as well. You could create a message queue or shared memory area (or even a pipe using system calls), and pass the "id" or the "name" of the IPC object through the user.
0
 

Author Comment

by:zixp
ID: 12041129
I would preffer to keep my database out of the equation, because the reason I have to pass the info in a GET var is because I have to create links on the fly for 3000+ files, so if I could encrypt and decrypt (with a secret salt) it would be the best.
0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 
LVL 1

Expert Comment

by:f0rdmstang
ID: 12041163
a friend of mine has some JavaScript code that does some encrypt decrypt stuff that might be of help

http://howtocode.net/htc_encode.php

My idea is to feed the encrypted string into the url and pass it to your HTML page that would incrypt it and display a link to the decrypted file path/name.
0
 

Author Comment

by:zixp
ID: 12041177
javascript opens some secuity holes that I dont want to deal with
0
 
LVL 48

Expert Comment

by:hernst42
ID: 12041623
You can use the mcrypt - functions of PHP if your PHP is compiled with the mcrypt -extension.
There are very good and easy to use crypt/decrypt functions. See: http://de.php.net/mcrypt and there the examples given.
0
 
LVL 1

Accepted Solution

by:
kroplis earned 500 total points
ID: 12041741
Well, you can try this - it's fairly simple but kinda hard to crack without salt:

function my_crypt($str2crypt, $salt){

    $max = strlen($salt);
    $counter = 0;
    $output = "";
   
    for($i = 0; $i < strlen($str2crypt); $i++){
        if ($counter == $max)
            $counter = 0;
        $current = ord(substr($str2crypt, $i, 1));
        $salt_current = ord(substr($salt, $counter, 1));
        $modified = $current + $salt_current;
        $output .= dechex($modified);
        $counter++;
    }

    return $output;
}
function my_decrypt($str2decrypt, $salt){

    $max = strlen($salt);
    $counter = 0;
    $output = "";

    for($i = 0; $i < strlen($str2decrypt); $i += 2){
        if ($counter == $max)
                 $counter = 0;
        $current = hexdec(substr($str2decrypt, $i, 2));
        $salt_current = ord(substr($salt, $counter, 1));
        $modified = $current - $salt_current;
        $output .= chr($modified);
        $counter++;
    }

    return $output;
}
--

$crypted = my_crypt("folder/specialzip.zip", "salt");
echo $crypted." - ".my_decrypt($crypted, "salt");
produces:
d9d0d8d8d8d39be7e3c6cfddd4cde6dde38fe6dde3 - folder/specialzip.zip
it also works pretty well with an empty $salt argument.


this what you're looking for?
0
 

Author Comment

by:zixp
ID: 12043316
Wow, that was more than I was expecting.  Thanks!
0
 
LVL 1

Expert Comment

by:kroplis
ID: 12044847
Glad i could help. Besides, I enjoyed the time I spent coding it :)
0
 

Author Comment

by:zixp
ID: 12049775
I just realized that the code posted fails when there is a single quote in the file name.  Any ideas on the culprit?
0
 
LVL 1

Expert Comment

by:kroplis
ID: 12049813
Umm, it really shouldn't do that. I just tried it myself and it works fine:
$crypted = my_crypt("file_the_'mean'", "booga");
echo $crypted." - ".my_decrypt($crypted, "booga")."\n";

produces

c8d8dbccc0d6d7d4c688cfd4d0d588 - file_the_'mean'

in what way does it fail?
maybe you mixed up double quotes and single quotes somewhere or something like that?
e.g.
$filename = 'file_the_'mean'';

anyway, if the problem persists, You can always do a str_replace($file, "'", "?");
and after decrypting do a str_replace($file, "?", "'");

hope this helps :)
0
 

Author Comment

by:zixp
ID: 12049865
if the file has an single quote (like if the file name is: "john doe's summer picture.jpg") it doesnt work right, I have gone through the code (you meant to have an open{ and close } after "if ($counter == $max)" right?) but I cant find what could be causing it.
0
 
LVL 1

Expert Comment

by:kroplis
ID: 12049934
Well the bracket thingies are not neccessary, since there's only one statement, but i guess it's more appropriate to use them, anyway :)

anyway, it should all work nicely, if no characters used ASCII value is less than 128, and ' ASCII value is 39. that's weird.

have you tried to replace the apostrophe with a question mark prior to encrypting and then replacing it back after decrypting? that should be a workaround good enough.

the weirdest thing is, it work's perfectly for me - using a salt "booga" i get
ccded7d581c6ded48ed482e2e4d4cec7e18fd7cac5e3e4d9c690d9dfce - john doe's summer picture.jpg

in what way it fails? does the PHP die with an error or does it decrpyt it wrong?
0
 

Author Comment

by:zixp
ID: 12049998
it just decrypts wrong and tells me that it cant find the file. It could be in my script  (though I was using it before without the problem), but in the worst case Ill use the '?'. I shouldnt have to post here again, but thank you for coming back to it
0
 
LVL 1

Expert Comment

by:kroplis
ID: 12050009
no problem.
good luck in bug hunting :)
if there's a bug in my script, feel free to flame here :)
0
 

Author Comment

by:zixp
ID: 12050046
sorry, I feel like such an idiot. I was passing the file name with a get variable to use as the salt, and that was the problem. I set it to use substr($file, -3) instead for the salt (But Ill still pass the whole filename so its not obvious ;)  Thanks again
0
 
LVL 1

Expert Comment

by:kroplis
ID: 12050057
hey, at least you have one workaround now in case things go bad :))

Glad i could help :)
0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Things That Drive Us Nuts Have you noticed the use of the reCaptcha feature at EE and other web sites?  It wants you to read and retype something that looks like this. Insanity!  It's not EE's fault - that's just the way reCaptcha works.  But it i…
Password hashing is better than message digests or encryption, and you should be using it instead of message digests or encryption.  Find out why and how in this article, which supplements the original article on PHP Client Registration, Login, Logo…
This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.
The viewer will learn how to create a basic form using some HTML5 and PHP for later processing. Set up your basic HTML file. Open your form tag and set the method and action attributes.: (CODE) Set up your first few inputs one for the name and …
Suggested Courses

718 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question