Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Encryption method that's implemented for both php and java?

Tags:

java

php

encryption

I have to pass some strings from a java servlet to a php script. What options are there for encrypting the strings? I'd need a method that is implemented for both java and php (like..a caesar cipher...). Is there any standard encryption method I should be able to get a library for both java and php?

I want to encrypt the strings on the java side, pass to the php script, then let the php script decrypt them.

I can't use https due to the limitations of the provider I'm using.

Thanks

like image 476
user246114 Avatar asked Jul 13 '10 02:07

user246114

People also ask

What are the encryption techniques in PHP?

Methods of PHP Encryption At the moment, developers can opt for several encryption methods, common being hashing, secret key encryption, and envelope encryption method. Every encryption method comes with multiple algorithms or ciphering (each with its own strengths and weaknesses).

How to encrypt number in PHP?

Encrypting Data with openssl_encrypt() The openssl_encrypt() ope function can be applied for encrypting data in PHP. On success, it returns the encrypted string. Otherwise, it returns FALSE.

What is encryption in Java?

Encryption is the process of using mathematical algorithms to obscure the meaning of a piece of information so that only authorized parties can decipher it.

Which encryption algorithm is best in Java?

AES is the industry standard as of now as it allows 128 bit encryption. Apart from that if you're trying to encrypt a password, you should use a hash function to create hash of the encrypted password string. MD5 hash is used mostly for this.

1 Answers

Hopefully this can get you started. Error handling is missing and the secret key is hard coded. Both of those would need to be addressed for production quality code. From the Java side you can use the Java Cryptography Architecture (JCA):

import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;
import javax.xml.bind.DatatypeConverter;

public final void testTesting() throws Exception {
    final String plainText = "plain text";
    final String result = encrypt(plainText);
    System.out.println(result);
}

public String encrypt(final String plainText) throws Exception {
    final byte[] data = plainText.getBytes("UTF-8");
    final byte[] encoded = encrypt(data);
    final String result = new String(encoded);
    return result;
}

public byte[] encrypt(final byte[] data) throws Exception {
    // this is just an example key, real code should use a properly generated shared secret
    final byte[] secret = new byte[] {42, 42, 42, 42, 42, 42, 42, 42, 42, 42, 42, 42, 42, 42, 42, 42};
    final SecretKeySpec key = new SecretKeySpec(secret, "AES");

    final Cipher encryptCipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
    encryptCipher.init(Cipher.ENCRYPT_MODE, key);
    final byte[] iv = encryptCipher.getIV();
    final byte[] encrypted = encryptCipher.doFinal(data);

    final int outputLength = encrypted.length;
    final int ivLength = iv.length;

    final byte[] results = new byte[outputLength + ivLength];
    System.arraycopy(iv, 0, results, 0, ivLength);
    System.arraycopy(encrypted, 0, results, ivLength, outputLength);

    return DatatypeConverter.printBase64Binary(encoded);
}

From the PHP side, you are going to need Mcrypt.

<?php
$key = base64_decode('KioqKioqKioqKioqKioqKg==');
$input = base64_decode($_GET['input']);
$plain_text = substr($input, 16);
$initialization_vector = substr($input, 0, 16);
echo pkcs5_unpad(mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $key, $plain_text, MCRYPT_MODE_CBC, $initialization_vector));

function pkcs5_unpad($text) {
    $pad = ord($text{strlen($text)-1});
    if ($pad > strlen($text)) {
        return false;
    }
    if (strspn($text, chr($pad), strlen($text) - $pad) != $pad) {
        return false;
    }
    return substr($text, 0, -1 * $pad);
}
?>

The function pkcs5_unpad was copied from here since it seems that PHP Mcrypt doesn't include support for PKCS5 padding. The Java code prefixes the data with the initialization vector used to encrypt it. Subsequently the PHP code splits it into two, the initialization vector and the encrypted data.

This code uses 128 bit AES (Rijndael) in CBC mode which should be secure enough for most uses. In addition to the simple encryption, I recommend using an HMAC as described here to ensure the data isn't tampered with. To perform the HMAC in Java, use the Mac class. For PHP, see Mhash.

like image 81
laz Avatar answered Oct 25 '22 23:10

laz
Sign in to Comment

Related questions

Casting of interfaces
Thread runs only once
Unable to programatically scroll to last item in JList
NullPointerException when trying to add an object to a PriorityQueue
Parameter attributes in c#
The Java interface doesn't declare any exception. How to manage checked exceptions of the implementation?
Conditional operator in if-statement?
Java Garbage Collection
Java Collection performance question
For a HttpGet method what are getParams()?
how to convert mp4 to mp3 in java
What happens if an exception is thrown during finalize()
Why is the return type not considered when differentiating methods? [duplicate]
How to find if the file is a CSV file?
Struts 1 Date Format Tag
How to check the Database Connection leakage in Java EE application?
Exception in AES decryption algorithm in java
Auto Log Off once the session expires
Updating the text of a XWPFParagraph using Apache POI
Understanding the 'finally' block

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!