[eluser]freezy[/eluser]
hello every one...
i try to do an encryption on client side and do dectryptio on server side and vice versa. i found interesting AES implementation written on javascript and php. I modify the example on php ('<!-- test harness... -->'), and trying to encrypt on client and decrypt on server and vice versa. It work well!!!, I can copy and paste encrypted texts between this script and the JavaScript version and they work perfectly.
I copy paste the code to the CI controller class, and make a modification to the script and run the page. The page load well, but looks like the encrypt and the decrypt process doesn't. Please...., anyone can help me with this???
this is the non CI class code
Code: <?php
//php AES implementation
?>
<!-- test harness... -->
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>AES in PHP test harness</title>
</head>
<!--- the AES javascript impl ---->
<!--- [removed][removed] --->
<!--- page script ---->
<!---
[removed]
function encrypt_on_client(plaintext, password, nBits){
var aa = AESEncryptCtr(plaintext, password, nBits);
document.frm.cipher.value = aa;
}
[removed]
--->
<body>
<? $pw = isset($_POST['pw']) ? stripslashes($_POST['pw']) : "L0ck it up saf3";
$pt = isset($_POST['pt']) ? stripslashes($_POST['pt']) : "pssst ... đon't tell anyøne!";
$encr = isset($_POST['encr']) ? $_POST['cipher'] : '';
$decr = isset($_POST['decr']) ? AESDecryptCtr($_POST['cipher'], $pw, 256) : '';
?>
<form name="frm" id="frm" method="post" action="./aes.php"> <!-- same-document reference -->
<table>
<tr>
<td>Password:</td>
<td><input type="text" name="pw" size="16" value="<?= $pw ?>"></td>
</tr>
<tr>
<td>Plaintext:</td>
<td><input type="text" name="pt" size="40" value="<?= $pt ?>"></td>
</tr>
<tr>
<td></td>
<td><input type="text" name="cipher" size="80" value="<?=$encr?>"></td>
</tr>
<tr>
<td></td>
<td><input type="text" size="40" value="<?= $decr ?>"></td>
</tr>
</table>
<input type="button" name="encr" value="Encrypt it:"><!--- onclick="encrypt_on_client(document.frm.pt.value, document.frm.pw.value, 256)" --->
<input type="submit" name="decr" value="Decrypt it:">
</form>
</body>
</html>
this is the CI controller
Code: <?php
class Blah extends Controller {
function Blah(){
parent::Controller();
$this->load->helper('url');
}
function blah_blah(){
$pw = $this->input->post('pw');
$pw = !$pw? "L0ck it up saf3" : $pw;
$pt = $this->input->post('pt');
$pt = !$pt? "pssst ... đon't tell anyone!" : $pt;
$encr = $this->input->post('encr');
if ($encr){ $encr = $this->AESEncryptCtr($pt, $pw, 256); }
else{ $encr = $this->input->post('cipher'); }
$decr = $this->input->post('decr');
if ($decr){ $decr = $this->AESDecryptCtr($_POST['cipher'], $pw, 256); }
else { $decr = $this->input->post('plain'); }
$data = array(
'pw'=>$pw,
'pt'=>$pt,
'encr'=>$encr,
'decr'=>$decr,
'server_side'=>$this->AESEncryptCtr($pt, $pw, 256)
);
$this->load->view('users/login', $data);
}
//AES implementation php code
}
and the CI view
Code: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>AES in PHP test harness</title>
</head>
<body>
<!--- the AES javascript impl ---->
<!--- [removed][removed] --->
<form name="frm" id="frm" method="post" action="">
<table>
<tr>
<td>Password:</td>
<td><input type="text" name="pw" size="16" value="<?= $pw ?>"></td>
</tr>
<tr>
<td>Plaintext:</td>
<td><input type="text" name="pt" size="300" value="<?= $pt ?>"></td>
</tr>
<tr>
<td><input type="submit" name="encr" value="Encrypt it:"></td>
<td><input type="text" name="cipher" size="300" value="<?= $encr ?>"></td>
</tr>
<tr>
<td><input type="submit" name="decr" value="Decrypt it:"></td>
<td><input type="text" name="plain" size="300" value="<?= $decr ?>"></td>
</tr>
</table>
</form>
<input type="button" value="enc client side"/><!--- onclick="[removed] encry()" ---->
<!--- on page script ---->
[removed]
function encry(){
document.getElementsByName('cipher')[0].value = AESEncryptCtr(document.getElementsByName('pt')[0].value, document.getElementsByName('pw')[0].value, 256);
}
[removed]
<!--- End on page script ---->
<p>
<!--- use for copy and paste encrypted text ---->
[removed]
<!--- doc.write('this is client site (copy to above): ' + AESEncryptCtr(document.getElementsByName('pt')[0].value, document.getElementsByName('pw')[0].value, 256) + '<br>'); --->
[removed]
<!--- use for copy and paste encrypted text ---->
<?= 'this is server site (copy to above) : ' . $server_side . '<br>' ?>
</p>
</body>
</html>
[eluser]pistolPete[/eluser]
The forum software did strip out some javascript, so the source code is not complete:
Quote:The page load well, but looks like the encrypt and the decrypt process doesn’t.
Do you get any error messages? What did you expect, what was the result?
Some general comment:
Why do you want to encrypt the client <-> server communication using AES and javascript? Why don't you just use SSL?
[eluser]Rob Steele[/eluser]
That's what i'd do personally
[eluser]freezy[/eluser]
Quote:Some general comment:
Why do you want to encrypt the client <-> server communication using AES and javascript? Why don’t you just use SSL?
Quote:That’s what i’d do personally
yeah you right guys, absolutely aggree. we can use SSL to implement secure connection. can't tell you guys why i can't use SSL, i'm sorry , thats G** D*** too embarrassin to tell here.
Quote:The forum software did strip out some javascript, so the source code is not complete:
Quote:[removed]
the removed script doesn't have special meaning, just a simple script (e.g import the js).
this is the non CI class code
Code: <?php
//php AES implementation
?>
<!-- test harness... -->
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>AES in PHP test harness</title>
</head>
<script src="aes.js"></script>
<script>
function encrypt_on_client(plaintext, password, nBits){
var aa = AESEncryptCtr(plaintext, password, nBits);
document.frm.cipher.value = aa;
}
function decrypt_on_server(){
document.frm.submit();
}
</script>
<body>
<? $pw = isset($_POST['pw']) ? stripslashes($_POST['pw']) : "L0ck it up saf3";
$pt = isset($_POST['pt']) ? stripslashes($_POST['pt']) : "pssst ... đon't tell anyøne!";
$encr = isset($_POST['encr']) ? $_POST['cipher'] : '';
$decr = isset($_POST['decr']) ? AESDecryptCtr($_POST['cipher'], $pw, 256) : '';
?>
<form name="frm" id="frm" method="post" action="./aes.php"> <!-- same-document reference -->
<table>
<tr>
<td>Password:</td>
<td><input type="text" name="pw" size="16" value="<?= $pw ?>"></td>
</tr>
<tr>
<td>Plaintext:</td>
<td><input type="text" name="pt" size="40" value="<?= $pt ?>"></td>
</tr>
<tr>
<td></td>
<td><input type="text" name="cipher" size="80" value="<?=$encr?>"></td>
</tr>
<tr>
<td></td>
<td><input type="text" size="40" value="<?= $decr ?>"></td>
</tr>
</table>
<input type="button" name="encr" value="Encrypt it:" onclick="encrypt_on_client(document.frm.pt.value, document.frm.pw.value, 256)"<
<input type="submit" name="decr" value="Decrypt it:">
</form>
</body>
</html>
this is the CI View
Code: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>AES in PHP test harness</title>
</head>
<body>
<script src="<?=site_url('AES.js')?>"></script>
<form name="frm" id="frm" method="post" action="">
<table>
<tr>
<td>Password:</td>
<td><input type="text" name="pw" size="16" value="<?= $pw ?>"></td>
</tr>
<tr>
<td>Plaintext:</td>
<td><input type="text" name="pt" size="300" value="<?= $pt ?>"></td>
</tr>
<tr>
<td><input type="submit" name="encr" value="Encrypt it:"></td>
<td><input type="text" name="cipher" size="300" value="<?= $encr ?>"></td>
</tr>
<tr>
<td><input type="submit" name="decr" value="Decrypt it:"></td>
<td><input type="text" name="plain" size="300" value="<?= $decr ?>"></td>
</tr>
</table>
</form>
<input type="button" value="enc client side" onclick="[removed] encry()"/<
<script src="aes.js"></script>
<script>
function encrypt_on_client(plaintext, password, nBits){
var aa = AESEncryptCtr(plaintext, password, nBits);
document.frm.cipher.value = aa;
}
function decrypt_on_server(){
document.frm.submit();
}
</script>
<!--- use for copy and paste encrypted text, replace the doc with document ---->
<script>doc.write('this is client side (copy to above): ' + AESEncryptCtr(document.getElementsByName('pt')[0].value, document.getElementsByName('pw')[0].value, 256) + '<br>');</script>
<!--- use for copy and paste encrypted text ---->
<?= 'this is server side (copy to above) : ' . $server_side . '<br>' ?>
</p>
</body>
</html>
[eluser]freezy[/eluser]
Quote:Some general comment:
Why do you want to encrypt the client <-> server communication using AES and javascript? Why don’t you just use SSL?
Quote:That’s what i’d do personally
yeah you right guys, absolutely aggree. we can use SSL to implement secure connection. can't tell you guys why i can't use SSL, i'm sorry , thats G** D*** too embarrassin to tell here.
Quote:The forum software did strip out some javascript, so the source code is not complete:
Quote:[removed]
the removed script doesn't have special meaning, just a simple script (e.g import the js).
this is the non CI class code
Code: <?php
//php AES implementation
?>
<!-- test harness... -->
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>AES in PHP test harness</title>
</head>
<script src="aes.js"></script>
<script>
function encrypt_on_client(plaintext, password, nBits){
var aa = AESEncryptCtr(plaintext, password, nBits);
document.frm.cipher.value = aa;
}
function decrypt_on_server(){
document.frm.submit();
}
</script>
<body>
<? $pw = isset($_POST['pw']) ? stripslashes($_POST['pw']) : "L0ck it up saf3";
$pt = isset($_POST['pt']) ? stripslashes($_POST['pt']) : "pssst ... đon't tell anyøne!";
$encr = isset($_POST['encr']) ? $_POST['cipher'] : '';
$decr = isset($_POST['decr']) ? AESDecryptCtr($_POST['cipher'], $pw, 256) : '';
?>
<form name="frm" id="frm" method="post" action="./aes.php"> <!-- same-document reference -->
<table>
<tr>
<td>Password:</td>
<td><input type="text" name="pw" size="16" value="<?= $pw ?>"></td>
</tr>
<tr>
<td>Plaintext:</td>
<td><input type="text" name="pt" size="40" value="<?= $pt ?>"></td>
</tr>
<tr>
<td></td>
<td><input type="text" name="cipher" size="80" value="<?=$encr?>"></td>
</tr>
<tr>
<td></td>
<td><input type="text" size="40" value="<?= $decr ?>"></td>
</tr>
</table>
<input type="button" name="encr" value="Encrypt it:" onclick="encrypt_on_client(document.frm.pt.value, document.frm.pw.value, 256)"<
<input type="submit" name="decr" value="Decrypt it:">
</form>
</body>
</html>
this is the CI View
Code: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>AES in PHP test harness</title>
</head>
<body>
<script src="<?=site_url('AES.js')?>"></script>
<form name="frm" id="frm" method="post" action="">
<table>
<tr>
<td>Password:</td>
<td><input type="text" name="pw" size="16" value="<?= $pw ?>"></td>
</tr>
<tr>
<td>Plaintext:</td>
<td><input type="text" name="pt" size="300" value="<?= $pt ?>"></td>
</tr>
<tr>
<td><input type="submit" name="encr" value="Encrypt it:"></td>
<td><input type="text" name="cipher" size="300" value="<?= $encr ?>"></td>
</tr>
<tr>
<td><input type="submit" name="decr" value="Decrypt it:"></td>
<td><input type="text" name="plain" size="300" value="<?= $decr ?>"></td>
</tr>
</table>
</form>
<input type="button" value="enc client side" onclick="[removed] encry()"/<
<script src="aes.js"></script>
<script>
function encrypt_on_client(plaintext, password, nBits){
var aa = AESEncryptCtr(plaintext, password, nBits);
document.frm.cipher.value = aa;
}
function decrypt_on_server(){
document.frm.submit();
}
</script>
<!--- use for copy and paste encrypted text, replace the doc with document ---->
<script>doc.write('this is client side (copy to above): ' + AESEncryptCtr(document.getElementsByName('pt')[0].value, document.getElementsByName('pw')[0].value, 256) + '<br>');</script>
<!--- use for copy and paste encrypted text ---->
<?= 'this is server side (copy to above) : ' . $server_side . '<br>' ?>
</p>
</body>
</html>
Quote:Quote:The page load well, but looks like the encrypt and the decrypt process doesn’t.
Do you get any error messages? What did you expect, what was the result?
no error message at all, but i can't decrypt the encrypted text. i copy paste the encrypted text to the non CI (this work on the NON CI it self, and i know i can't expect better result), and do decrypt, looks like not work well neither.
|
