Page 1 of 1
passing encrypted data in url
Posted: Tue May 30, 2006 4:45 am
by hessodreamy
I know it sounds simple but I'm trying to pass encrypted data in a url, which i can later decrypt . I've been sniffing around the various encryption functions but it seems to me that the output would be a string that wouldn't legally fit into a url. Can anyone suggest a function to use?
Posted: Tue May 30, 2006 5:11 am
by Oren
urlencode and
urldecode should do the trick

Posted: Tue May 30, 2006 6:01 am
by hessodreamy
Doh! pretty obvious, really.
Cheers!
Posted: Tue May 30, 2006 8:55 am
by Ambush Commander
Be careful, though. URLs get truncated after a certain length (please don't make them 2kb long).
Posted: Tue May 30, 2006 9:25 pm
by shiflett
Be careful - URL encoding is not encryption.
Posted: Tue May 30, 2006 11:43 pm
by tecktalkcm0391
Here is what you can do:
Code: Select all
<?php
// ---
// Code for First Page
// ---
// Variable to be encrypted and sent:
$text = "Hello";
// Encryption
// You can replace 8660281B6051D071D94B5B230549F9DC851566DC
// with any key you want just make sure to change it on the second page's key
$gpg = new gnupg();
$gpg -> addencryptkey("8660281B6051D071D94B5B230549F9DC851566DC");
$encypted_text = $gpg -> encrypt("$text");
// Encode for sending.
$send_string = 'encryptedtext=' . urlencode($encrypted_text) . '';
// Now just make it so it sends the codes
?>
Code: Select all
<?php
// ---
// Code for Second Page
// ---
// Variable to be decrypted from send:
$recieved_text= $_GET['variable'];
//Decode URL
$recieved_text = urldecode($recieved_text);
//Decryption
// Make sure the 8660281B6051D071D94B5B230549F9DC851566DC
// matched the key on the first page // Leave test the same, or you can change it to anything.
$gpg = new gnupg();
$gpg -> adddecryptkey("8660281B6051D071D94B5B230549F9DC851566DC","test");
$text = $gpg -> decrypt($recieved_text);
// Decoded variable
$text = $text;
?>
Hope this works.
Posted: Wed Jun 14, 2006 6:06 am
by quocbao
Try my class :
secureURL
This class will auto encrypt
all params in your urls

.
Posted: Wed Jun 14, 2006 3:49 pm
by hessodreamy
I'm currently using a class (and have used other methods) based on the mcrypt function.
It all works very well but seems... messy.
The encrypted output is all kinds of crazy characters. As I'm putting the encrypted data in the url I'm using urlencode. So the query string is pretty long and looks messy.
I understand that encryption using only alphanumeric characters is less secure, but is there a method which gives alphanumerics?
I mean, I've seen lots of encoded stuff passed in urls in my time, but nothing that looked as messy as what I had.
background...
Apart from generally striving to understand encryption methods, the problem I'm currently working on is simply encrypting an email address to be used in a link from an email. I get it into my head that some people will object to their personal info being passed, so i'm just trying to obfucate that. In short, in this case maximum security isn't a massive priority, though I would like to understand things in case it was a priority.
Posted: Thu Jun 15, 2006 5:49 am
by hessodreamy
oh, by the way, I've tried all the different algorithms supported by mcrypt, and they all seem messy.