trowa
asked on
Simple .NET encryption/ decryption functions for URL parameter?
I got a requirement to encrypt a portion of URL.
For example, I have:
http://mydomain.com/test/para1
How can I encrypt "para1" so that it's readable and valid as part of a complete URL?
After the encryption, it can become something like this:
http://mydomain.com/test/HTtgj3d090e879da792179ed87wbl
But afterall, it's still a valid URL. (avoid encrypted key contains chars like / ? , etc)
Please advise how to do that. Thank you.
For example, I have:
http://mydomain.com/test/para1
How can I encrypt "para1" so that it's readable and valid as part of a complete URL?
After the encryption, it can become something like this:
http://mydomain.com/test/HTtgj3d090e879da792179ed87wbl
But afterall, it's still a valid URL. (avoid encrypted key contains chars like / ? , etc)
Please advise how to do that. Thank you.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
@HainKurt
That depends on what is being encrypted/decrypted. If its non-sensitive info then sure. If however it's info that must be protected such as access keys, passwords etc. that need to be used on a different form, then it must be encrypted and stored in the database. The database is not a guarantee of secure storage. Clear text passwords (for example) stored in a database are as good as writing those passwords on a scrap of paper.
That depends on what is being encrypted/decrypted. If its non-sensitive info then sure. If however it's info that must be protected such as access keys, passwords etc. that need to be used on a different form, then it must be encrypted and stored in the database. The database is not a guarantee of secure storage. Clear text passwords (for example) stored in a database are as good as writing those passwords on a scrap of paper.
ASKER
@HainKurt
For your info, I'm not involving any database for this.
@Dirk
I got error:
at line:
when put into my class.
Thank you
For your info, I'm not involving any database for this.
@Dirk
I got error:
Unexpected character '$'
at line:
Encrypted = $"{encrStr}:{key}:{iv}";
when put into my class.
Thank you
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
i don't think you will have problem with links, for me i had to use it because of hebrew names and company names with "" / , and all sort of crazy symbols.
the thing that you have to consider is what HainKurt wrote , because base64 is easily reversible and not secure.
the thing that you have to consider is what HainKurt wrote , because base64 is easily reversible and not secure.
what about this
bin2hex
http://php.net/manual/en/function.bin2hex.php
$str = bin2hex("Hello World!");
48656c6c6f20576f726c6421
bin2hex
http://php.net/manual/en/function.bin2hex.php
@trowa what version of C# are you using? String interpolation is a version back at C# 6. Use String.Format then if string interpolation isn't an option for you.
String.Format("{0}:{1}:{2}", encrStr, key, iv);
ASKER
@Dirk
VS 2010 Premium Edition
@HainKurt
Will verify
Thank you.
VS 2010 Premium Edition
@HainKurt
Will verify
Thank you.
ASKER
@HainKurt
But I need a solution in .NET not php.
But I need a solution in .NET not php.
@trowa use String.Format if you're not using C# 6 (which you would not be if you can't use the $ for string interpolation).
ASKER
I have decided to use .Convert.ToBase64String
There will be some security wrappers at backend for the parameters
Thank you for the contributions.
There will be some security wrappers at backend for the parameters
Thank you for the contributions.
with my suggestion, even we do not need to encrypt / decrypt anything, since everything will be in database, out of sight :)