70513

Encrypting a value using MySQL's AES_ECRYPT function, then passing it in a URL string, using PH

Question:

I need to encrypt a string using MySQL's AES_ENCRYPT function, then attach that encrypted string to the end of a URL, such that it can then be decrypted and used by a PHP script on the other end.

Basically, I am encrypting the string (using MySQL's AES_ENCRYPT), I am then using PHP's rawurlencode() function to make it "URL safe". I then pass the encrypted string in a URL, which is then retrieved by the PHP script on the other end where it gets successfully decrypted... about 95% of the time.

Seems as though about 5% of strings are encrypting in such a way that they are getting corrupted somewhere in the process, and can't be decoded on the other end after being passed by a URL. Can anyone help me out here? Is there a 100% fool-proof way to do this? I have also tried using urlencode() as well as base64_encode() in varying combinations.

Thanks.

Answer1:

Solved.

Once I have encrypted the string using MySQL's AES_ENCRYPT function, I use PHP's bin2hex() function to convert that encrypted data (which is in binary form) in to Hexidecimal. I then pass the Hexidecimal as a string on the end of the URL. Once the URL is received on the other end, I then use this custom PHP function to revert the Hex string back to binary:

function hex2bin($data) { $len = strlen($data); return pack("H" . $len, $data); }

From there, all that's left to do is decrypt the data using MySQL's AES_DECRYPT function, and wha-la. The original string is successfully restored.

Answer2:

URLs have a finite maximum length. AES-encrypted strings do not.

URLs are not an appropriate vector for passing arbitrary information. Using an HTTP POST is a much better way, if you must communicate over HTTP.

About why you are having problems: quoting from <a href="http://php.net/urlencode" rel="nofollow">the PHP manual page on urlencode</a>:

<blockquote>

Note: Be careful about variables that may match HTML entities. Things like &amp, &copy and &pound are parsed by the browser and the actual entity is used instead of the desired variable name. This is an obvious hassle that the W3C has been telling people about for years. The reference is here: <a href="http://www.w3.org/TR/html4/appendix/notes.html#h-B.2.2" rel="nofollow">http://www.w3.org/TR/html4/appendix/notes.html#h-B.2.2</a>. PHP supports changing the argument separator to the W3C-suggested semi-colon through the arg_separator .ini directive. Unfortunately most user agents do not send form data in this semi-colon separated format. A more portable way around this is to use &amp; instead of & as the separator. You don't need to change PHP's arg_separator for this. Leave it as &, but simply encode your URLs using htmlentities() or htmlspecialchars().

</blockquote>

Recommend

  • Is there a uniform method in both PHP and JS to convert unicode characters?
  • Element with hover then click removes hover effect and click again adds hover again
  • FTP script retain timestamp of a file after put
  • Looping through jQuery objects in a collection without initializing a new jQuery object for each ite
  • inserting hex value into mysql
  • How do I write to registers in hardware using Python?
  • Matplotlib: Custom colormap with three colors [duplicate]
  • Strings appear exact, but they do not match?
  • Unknown C# type
  • Redirect to trailng slash (htaccess)
  • How can I count unique terms in a plaintext file case-insensitively?
  • How to make nicEditor snaplet? (Several questions)
  • Programmatically Update Linked Named Range of excel object in MS Word (2007)
  • remove unicode characters but keep all special and English characters with preg_replace
  • How can I prevent the need to copy strings passed to a avr-gcc C++ constructor?
  • Is there a Windows socket API call / option to “block” a range of ports à la SO_EXCLUSIVEADDRUSE
  • allocating memory to an array of string
  • Casting between Interfaces and Classes
  • jwtBearer bearer token with rc-1 update to ASP.Net 5
  • Enabling DTD support in Sql Server
  • Convert SQLite database to XML
  • SAVE attribute needed for Fortran variables when only the C_LOC address is returned to a C program?
  • WPF Visiblity Binding to Boolean Expression with multiple Variables
  • Conversion from string “a” to type 'Boolean' is not valid
  • Remove final comma from string in vb.net
  • copying resource to sdcard gives a damaged file in android
  • how to adjust image in a panel in Java swing?
  • NHibernate Validation Localization with S#arp Architecture
  • Bug in WPF DataGrid
  • Redux, normalised entities and lodash merge
  • Arrays break string types in Julia
  • trying to dynamically update Highchart column chart but series undefined
  • how does django model after text[] in postgresql [duplicate]
  • embed rChart in Markdown
  • Django query for large number of relationships
  • How to get NHibernate ISession to cache entity not retrieved by primary key
  • Why is Django giving me: 'first_name' is an invalid keyword argument for this function?
  • How can I use `wmic` in a Windows PE script?
  • Unable to use reactive element in my shiny app
  • How to push additional view controllers onto NavigationController but keep the TabBar?