Solved

Very simple encrypt/decrypt

Posted on 2004-09-12
17
297 Views
Last Modified: 2008-01-09
I need to send a variable containing the direcory and filename of a file that the user will be able to download, with a GET variable. I would like to encrypt this variable, and then decrypt it on the other side, using a very simple encrypt/decrypt scheme.  Something with a salt, but not so complicated as what I have seen. My initial reaction was to serialize it, but as far as I can tell I cant use a salt.
0
Comment
Question by:zixp
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 7
  • 6
  • 2
  • +2
17 Comments
 
LVL 1

Expert Comment

by:f0rdmstang
ID: 12041100
You could use md5 to encrypt but no realy way you can decrypt it.  You could include the md5 in the url and then have a database of some type where you lookup the md5 string you gave them and reference the directory or file.

MD5 String                       Directory/File
djd8sdfdsdfj2o3jf8             files/thisfile.jpg
fdj3jfr90fsld8sdfjk              files/mydoc.doc
dsflkj3999f3kfjsl3               files/workbook.xls

Look up the MD5 that is passed in the url and you have the file they need to get.
0
 
LVL 7

Expert Comment

by:aib_42
ID: 12041103
If you have some sort of access to a database or a temporary file, why pass the information through the user anyway? Just create a temporary storage for the filename, give it an ID, and then pass the ID through the user, "decoding" it to a filename on the other side.

If you are working on a *nix server, you have access to System V-type IPC functions as well. You could create a message queue or shared memory area (or even a pipe using system calls), and pass the "id" or the "name" of the IPC object through the user.
0
 

Author Comment

by:zixp
ID: 12041129
I would preffer to keep my database out of the equation, because the reason I have to pass the info in a GET var is because I have to create links on the fly for 3000+ files, so if I could encrypt and decrypt (with a secret salt) it would be the best.
0
Don't Cry: How Liquid Web is Ensuring Security

WannaCry is just the start. Read how Liquid Web is protecting itself and its customers against new threats.

 
LVL 1

Expert Comment

by:f0rdmstang
ID: 12041163
a friend of mine has some JavaScript code that does some encrypt decrypt stuff that might be of help

http://howtocode.net/htc_encode.php

My idea is to feed the encrypted string into the url and pass it to your HTML page that would incrypt it and display a link to the decrypted file path/name.
0
 

Author Comment

by:zixp
ID: 12041177
javascript opens some secuity holes that I dont want to deal with
0
 
LVL 48

Expert Comment

by:hernst42
ID: 12041623
You can use the mcrypt - functions of PHP if your PHP is compiled with the mcrypt -extension.
There are very good and easy to use crypt/decrypt functions. See: http://de.php.net/mcrypt and there the examples given.
0
 
LVL 1

Accepted Solution

by:
kroplis earned 125 total points
ID: 12041741
Well, you can try this - it's fairly simple but kinda hard to crack without salt:

function my_crypt($str2crypt, $salt){

    $max = strlen($salt);
    $counter = 0;
    $output = "";
   
    for($i = 0; $i < strlen($str2crypt); $i++){
        if ($counter == $max)
            $counter = 0;
        $current = ord(substr($str2crypt, $i, 1));
        $salt_current = ord(substr($salt, $counter, 1));
        $modified = $current + $salt_current;
        $output .= dechex($modified);
        $counter++;
    }

    return $output;
}
function my_decrypt($str2decrypt, $salt){

    $max = strlen($salt);
    $counter = 0;
    $output = "";

    for($i = 0; $i < strlen($str2decrypt); $i += 2){
        if ($counter == $max)
                 $counter = 0;
        $current = hexdec(substr($str2decrypt, $i, 2));
        $salt_current = ord(substr($salt, $counter, 1));
        $modified = $current - $salt_current;
        $output .= chr($modified);
        $counter++;
    }

    return $output;
}
--

$crypted = my_crypt("folder/specialzip.zip", "salt");
echo $crypted." - ".my_decrypt($crypted, "salt");
produces:
d9d0d8d8d8d39be7e3c6cfddd4cde6dde38fe6dde3 - folder/specialzip.zip
it also works pretty well with an empty $salt argument.


this what you're looking for?
0
 

Author Comment

by:zixp
ID: 12043316
Wow, that was more than I was expecting.  Thanks!
0
 
LVL 1

Expert Comment

by:kroplis
ID: 12044847
Glad i could help. Besides, I enjoyed the time I spent coding it :)
0
 

Author Comment

by:zixp
ID: 12049775
I just realized that the code posted fails when there is a single quote in the file name.  Any ideas on the culprit?
0
 
LVL 1

Expert Comment

by:kroplis
ID: 12049813
Umm, it really shouldn't do that. I just tried it myself and it works fine:
$crypted = my_crypt("file_the_'mean'", "booga");
echo $crypted." - ".my_decrypt($crypted, "booga")."\n";

produces

c8d8dbccc0d6d7d4c688cfd4d0d588 - file_the_'mean'

in what way does it fail?
maybe you mixed up double quotes and single quotes somewhere or something like that?
e.g.
$filename = 'file_the_'mean'';

anyway, if the problem persists, You can always do a str_replace($file, "'", "?");
and after decrypting do a str_replace($file, "?", "'");

hope this helps :)
0
 

Author Comment

by:zixp
ID: 12049865
if the file has an single quote (like if the file name is: "john doe's summer picture.jpg") it doesnt work right, I have gone through the code (you meant to have an open{ and close } after "if ($counter == $max)" right?) but I cant find what could be causing it.
0
 
LVL 1

Expert Comment

by:kroplis
ID: 12049934
Well the bracket thingies are not neccessary, since there's only one statement, but i guess it's more appropriate to use them, anyway :)

anyway, it should all work nicely, if no characters used ASCII value is less than 128, and ' ASCII value is 39. that's weird.

have you tried to replace the apostrophe with a question mark prior to encrypting and then replacing it back after decrypting? that should be a workaround good enough.

the weirdest thing is, it work's perfectly for me - using a salt "booga" i get
ccded7d581c6ded48ed482e2e4d4cec7e18fd7cac5e3e4d9c690d9dfce - john doe's summer picture.jpg

in what way it fails? does the PHP die with an error or does it decrpyt it wrong?
0
 

Author Comment

by:zixp
ID: 12049998
it just decrypts wrong and tells me that it cant find the file. It could be in my script  (though I was using it before without the problem), but in the worst case Ill use the '?'. I shouldnt have to post here again, but thank you for coming back to it
0
 
LVL 1

Expert Comment

by:kroplis
ID: 12050009
no problem.
good luck in bug hunting :)
if there's a bug in my script, feel free to flame here :)
0
 

Author Comment

by:zixp
ID: 12050046
sorry, I feel like such an idiot. I was passing the file name with a get variable to use as the salt, and that was the problem. I set it to use substr($file, -3) instead for the salt (But Ill still pass the whole filename so its not obvious ;)  Thanks again
0
 
LVL 1

Expert Comment

by:kroplis
ID: 12050057
hey, at least you have one workaround now in case things go bad :))

Glad i could help :)
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Author Note: Since this E-E article was originally written, years ago, formal testing has come into common use in the world of PHP.  PHPUnit (http://en.wikipedia.org/wiki/PHPUnit) and similar technologies have enjoyed wide adoption, making it possib…
Things That Drive Us Nuts Have you noticed the use of the reCaptcha feature at EE and other web sites?  It wants you to read and retype something that looks like this. Insanity!  It's not EE's fault - that's just the way reCaptcha works.  But it i…
Learn how to match and substitute tagged data using PHP regular expressions. Demonstrated on Windows 7, but also applies to other operating systems. Demonstrated technique applies to PHP (all versions) and Firefox, but very similar techniques will w…
This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question