Welcome Guest, Not a member yet? Register   Sign In
CodeIgniter Forums Archived Discussions Archived Development & Programming XML RPC with AES encryption
XML RPC with AES encryption
  • El Forum
    Guest
  •  
#1
03-03-2009, 01:44 PM

[eluser]Gewa[/eluser]
Hi I need extremally that CI accepts posted XML which was encrypted by AES and locally decrypt it and work with the data which is inside. Any IDEA how this can be done. The RPC library of CI can be used for this or no. I am newbee for XML...Sad
  • El Forum
    Guest
  •  
#2
03-03-2009, 02:02 PM

[eluser]pistolPete[/eluser]
Do you have mcrypt installed?
This module provides AES support.
  • El Forum
    Guest
  •  
#3
03-03-2009, 02:17 PM

[eluser]Gewa[/eluser]
I can install it. no problem. But how you see the usage?

Actually what i need is

a) PC Soft sends Cryped with AES Bjorndal 128 or 256 POST request to any controller
b) Controller decrypt the data and begin to use it ...

Data is XML....
  • El Forum
    Guest
  •  
#4
03-03-2009, 02:26 PM

[eluser]Gewa[/eluser]
Introduction

This is an interface to the mcrypt library, which supports a wide variety of block algorithms such as DES, TripleDES, Blowfish (default), 3-WAY, SAFER-SK64, SAFER-SK128, TWOFISH, TEA, RC2 and GOST in CBC, OFB, CFB and ECB cipher modes. Additionally, it supports RC6 and IDEA which are considered "non-free".

I don't see AES in the intro.. will research it deeper...
  • El Forum
    Guest
  •  
#5
03-03-2009, 04:42 PM

[eluser]pistolPete[/eluser]
[quote author="Gewa" date="1236133574"]I don’t see AES in the intro.[/quote]

AES was originally called Rijndael.
You can see the supported list of cyphers here: mcrypt.ciphers.php
Among others it contains MCRYPT_RIJNDAEL_128.

mcrypt.constants.php
Quote:Mcrypt can operate in four block cipher modes (CBC, OFB, CFB, and ECB)

Which block cipher mode does your PC software use? What software are you using at all?

Is the whole XML-RPC request encrypted (including the xml structure) or just the enclosed data?

If it's just the data you can decrypt it in your controllers.
If it's the whole request you have to extend the XML-RPC library, particularly the function parseRequest().

There is a good example of how to use PHP AES encryption: Understanding PHP AES Encryption
  • El Forum
    Guest
  •  
#6
03-04-2009, 01:39 AM

[eluser]Gewa[/eluser]
Hi PistolePete, you are really super friendly.
Actually yesterday we discuss with my partner how it should be better for security and we come over that AES is simmetric encryption and if somebody will crack down the software he will get injection possibility which is very very bad, so we come over we schould use RSA...
There you need to have 2 keys one public and second private. So even the software is cracked hacker can't get possibility to decrypt data.

The idea is following . There is xml dataset like this

Code:
<dataset>

<var1> Var1_value</var1>
<var2> Var2_value </var2>

</dataset>

This will be encrypted in the software with its own private key
and will send using POST to the specified controller , lets say to www.mysite.com/communicator/data_processor/

In the software the variable should be decrypted and from one variable I should get easily $VAR1,$VAR2 values to pass to database.

I am confused what to do...
  • El Forum
    Guest
  •  
#7
03-04-2009, 02:01 AM

[eluser]pistolPete[/eluser]
So you don't use XML-RPC but instead just POST XML structured data which is encrypted?

Then all you have to is findind an implementation of the RSA algorithm in PHP, e.g.
- http://pear.php.net/package/Crypt_RSA
- http://www.edsko.net/misc/

Lookup some guides:
- http://www.devx.com/webdev/Article/37821/1954
- http://blog.local.ch/archive/2007/10/29/...-java.html

The latter is an example on how to communicate between a java application and php using RSA.
It uses base64 encoding to ease data handling.




Theme © iAndrew 2016 - Forum software by © MyBB