Menu
I am trying to create a secured message transfer system for cross platform (web, android and iOS).
So, I want all API data transfers should be done with encryption and decryption.
So, if an App (android and iOS) wants to send a message, that should be encrypted and the data should be decrypted by PHP and if server wants to send JSON to app, that JSOn should be encrypted and when it is received, the app will decrypt it and use that.
As for example- let we may have a JSON response from server like this-
{
"widget": "not-available",
"debug": "on",
"window": "open",
"image": "example.widget.com/anything.jpg"
}
And that should be sent by server like this-
{
"widget": "@dsdjk4$kjh6&",
"debug": "#r$gHYUJ%",
"window": "#jkhG%jHG%jb*kJH",
"image": "JH4fgdt5%(0jjlkh)nl,k&&"
}
And the app will convert it to it after decryption-
{
"widget": "not-available",
"debug": "on",
"window": "open",
"image": "example.widget.com/anything.jpg"
}
Is there any common way to do that?
If yes, then please let me know. I don't need the whole code (if any example is provided, it will be more helpful), but please let me know where can I find the solution.
464
If you just need the data encrypted while in transit just use https. Pin the certificate to avoid MITM attacks. On the server side use TLS 1.2 and Forward security.
Basically https encrypts the data with a symmetric algorithm such as AES and a random key and the key is encrypted with a asymmetric algorithm such as RSA in conjunction with the server certificate.
If for some reason that does not meet your requirements consider using RNCryptor, rolling one's own encryption methods in general results in an insecure scheme unless one is well versed in cryptographic usage.
61
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
