
FuelPHP Forums

Can I decrypt a string encrypted in javascript with crypto-js in fuel and vice versa?
  • I've been trying to figure out a way to use the crypto-js javascript AES encryption to send data to my server and decrypt it in Fuel but have had no luck. http://code.google.com/p/crypto-js/#AES Since it's a standard it should be feasible. Trying a simple example, I changed my crypt config to the following:
    return array (
     'crypto_key' => 'secret',
     'crypto_iv' => 'secret',
     'crypto_hmac' => 'secret',
    );
    

    I'll encode a string using this (js):
    var encrypted = CryptoJS.AES.encrypt("Message", "secret");

    // do some AJAX stuff here and send to server
    

    On the server side I want to decode it, but I just get junk:
    $encrypted_string = Input::post('some_var');
    
    $value = Crypt::decode($encrypted_string, 'secret');
    
    

    but the value is always garbage. Any ideas?
  • The Crypt class uses base64_encode()/decode() to make sure the crypted result is a readable string that can be manipulated. So after encrypting your code must base64_encode() it using the same rules as the Crypt class ( check out the safe_b64encode()/safe_b64decode() methods ). But isn't this a rather pointless and even dangerous route you're taking? To be able to AES encrypt in your js, you will need to send the crypto keys to the client, visible for everyone to see. Which will also compromise all encryption in your app...
  • Harro Verton wrote on Tuesday 31st of July 2012:
    The Crypt class uses base64_encode()/decode() to make sure the crypted result is a readable string that can be manipulated. So after encrypting your code must base64_encode() it using the same rules as the Crypt class ( check out the safe_b64encode()/safe_b64decode() methods ). But isn't this a rather pointless and even dangerous route you're taking? To be able to AES encrypt in your js, you will need to send the crypto keys to the client, visible for everyone to see. Which will also compromise all encryption in your app...

    The JS is running on a phonegap / android app so it's not like it's a readable website. So saving the keys locally would be just as secure as having them saved in a native android app, I presume. Basically I'm using javascript to communicate with my server side API, so the client and server will know the crypt keys but they are not transmitted back and forth. Also, I did plan on using custom keys for this, so in the event something was compromised the rest of my app won't be affected. I'll see if I can get this to work with base64 encoding, thanks.
