How can I encrypt/decrypt PHP GET parameters?

Question

I have a regular request, for example:

http://myserver.com/index.php?var1=85842.23&var2=212.235&name=Teddie&valid=1

I would like those $_GET parameters be encrypted to something like (not real, just an example:)):

http://myserver.com/index.php?eParam=ks883d48223v2czozoz227272j2nn2dn2d2du3dh4hn4f4f4f4h3383xh8383s38s3j83sj8s3j92h2s89hs387h2s87hs287h2s87h2ui2c3iuhc287z9m2389f

Of course, I need a built in key on each side, that will be able to decrypt that info. Is there any function that may render that possible ? I am not concerned about the client side, as it will be a running application, not a webpage or anything that would be easily reverse-engineered.

Thanks !

Answer 1

Just use SSL (i.e. HTTPS instead of plain HTTP). Then everything except the DNS look up for the domain and that a connection is made to the ip address that domain resolves to will be encrypted.

Answer 2

Actually you can do that... You can have an encrypt/decrypt function including a time expiry for the given parameter. I have a script that does that for my network systems. And you have to build that on your own, I can't go public with my security scripts... But here's the idea:

1. Find or build an encryption/decryption function
2. Add date & time checks for the function so that the encrypted string will expire
3. Use that function to encrypt the outgoing string
4. After encryption, if you're using PHP, urlencode() the encrypted string to make sure that all the special characters survives after the other end receives it.
5. At the other end, perform a urldecode(), then decrypt it, then pass the value.