Encryption between desktop app and server - C# to PHP -


i have app designed in c#. in simple terms app sends data , image web server takes $_post data , processes it. confess not understand how security end of things work. employ relevant experience wouldn't know ask them @ point in accepted techniques.

i assume not simple base64 encode/decode data , needs higher level of encryption. webserver have https ssl(ov) certification on next few weeks limited understanding still need sort of protection/encryption when transferring data users pc web server not listening in on data transfer or that.

in simple terms if want keep data secure between users , webserver of common or accepted methods c# php?

the data goes directly app on users pc server, control source code both myself , not developer hence lack of technical knowledge on issue.

one c# developer talked suggested symmetric/asymmetric algorithm not php developer doesn't know if php can take data , decrypt it.

to answer further questions, when server issued , configured cert, shouldn't need more.

using https

https works verifying ssl certifications certificate authority (ca) during initial handshake. certificate authorities, list of signatures used verify said certs, come preloaded os vendor.

assuming server has ca issued certificate, required change using http https when making connection. library you're using should have method of verifying servers ssl cert, if doesn't automatically you.

there no technical reason should have encrypt being sent on https, long certificate encrypted.

also, if dig deeper nitty-gritty details of how https works, there's this post on over information security sheds little light on inner workings of protocol.

to answer original question

for sake of completeness.

php has cryptography extension mcrypt supports various algorithms , cipher operation modes. i've put simple example using aes 256 / pbkdf-sha1 key decryption (along c# code perform encryption).

edit: i'd point out hash_pbkdf2 available in php 5.5 , up. support down 5.3 can added this nifty trick.

php

function decode_aes($data, $key) // decrypt custom format data string {     $iv_size = mcrypt_get_iv_size(mcrypt_rijndael_128, mcrypt_mode_cbc);     $salt_size = 16;      $iv = substr($data, 0, $iv_size); // init vector     $salt = substr($data, $iv_size, $salt_size); // salt     $extact = substr($data, $iv_size + $salt_size); // encrypted data      $key = hash_pbkdf2("sha1", $key, $salt, 1000, 32, true); // sets use pbkdf-sha1      return mcrypt_decrypt(mcrypt_rijndael_128, $key, $extact, mcrypt_mode_cbc, $iv); // perform decryption extracted sections }  // example, i've included this. $encryped = "zgcp2ssds32y8son8myfcejojdem4e3y8wx52a+itfrk/1tjwmzkqmrb06bfu8dk"; echo decode_aes(base64_decode($encryped), "password");

c#

using system; using system.text; using system.security.cryptography; using system.io;  namespace aesexample {     class program     {         static void main(string[] args)         {             byte[] toencrypt = encoding.utf8.getbytes("encrypted text");             byte[] key = encoding.utf8.getbytes("password");             string encrypted = convert.tobase64string(encryptaes(toencrypt, key));         }          public static byte[] encryptaes(byte[] data, byte[] key)         {             using(rijndaelmanaged algo = new rijndaelmanaged())             {                 algo.generateiv();                 algo.mode = ciphermode.cbc;                 algo.padding = paddingmode.zeros;                  byte[] saltbuffer = new byte[16];                 rngcryptoserviceprovider saltgenerator = new rngcryptoserviceprovider();                 saltgenerator.getbytes(saltbuffer);                  rfc2898derivebytes pbkdf2 = new rfc2898derivebytes(key, saltbuffer, 1000);                 key = pbkdf2.getbytes(32);                  icryptotransform cipher = algo.createencryptor(key, algo.iv);                  using(memorystream ms = new memorystream())                 {                     ms.write(algo.iv, 0, algo.iv.length);                     ms.write(saltbuffer, 0, saltbuffer.length);                     using(cryptostream cs = new cryptostream(ms, cipher, cryptostreammode.write))                     {                         using(streamwriter sw = new streamwriter(cs))                         {                             sw.write(encoding.utf8.getstring(data).tochararray());                         }                     }                     return ms.toarray();                 }             }         }     } }

Comments

Post a Comment

Popular posts from this blog

php - failed to open stream: HTTP request failed! HTTP/1.0 400 Bad Request -

this code i'm using find latitude , longitude of place: function coords($address){ echo $url="http://maps.googleapis.com/maps/api/geocode/json?address=".$address; $json = file_get_contents(urlencode($url)); $data = json_decode($json, true); print_r($data['results'][0]['geometry']['location']['lat']); print_r($data['results'][0]['geometry']['location']['lng']); } however returns warning: failed open stream: http request failed! http/1.0 400 bad request if use above code in simple procedure works fine not in function. note: have tried curl_init()... method produced same result? instead of encoding whole url encode address part. following code work fine $add='jamshoro phase 2'; $url="http://maps.googleapis.com/maps/api/geocode/json?address=".urlencode($add); $json = file_get_contents($url); $data = json_decode($json, true); print_r($data['r
Read more

java - How to filter a backspace keyboard input -

i have code gives message when key number pressed: txtvalueofclause.addeventfilter(keyevent.key_typed, new eventhandler<keyevent>() { @override public void handle(keyevent t) { char ar[] = t.getcharacter().tochararray(); char ch = ar[t.getcharacter().tochararray().length - 1]; if (!(ch >= '0' && ch <= '9')) { system.out.println("the char entered not number"); t.consume(); } } }); now if press on wrong button , press backspace remove it, error message. how can add backspace input if statement? i have found answer: txtvalueofclause.addeventfilter(keyevent.key_typed, new eventhandler<keyevent>() { @override public void handle(keyevent t) { char ar[] = t.getcharacter().tochararray(); char ch = ar[t.getcharacter().tochar
Read more

java - Show Soft Keyboard when EditText Appears -

i have code in android app, alert dialog , keyboard, , when dialog shown want keyboard appear. not , not sure why? here code: final alertdialog.builder alert = new alertdialog.builder(this); alert.settitle("title"); alert.setmessage("message"); final edittext input = new edittext(this); input.setinputtype(inputtype.type_class_number); alert.setview(input); input.setonfocuschangelistener(new view.onfocuschangelistener() { @override public void onfocuschange(view v, boolean hasfocus) { if (hasfocus) { log.i(tag, "in focus"); inputmethodmanager inputmethodmanager = (inputmethodmanager) getsystemservice(context.input_method_service); inputmethodmanager.showsoftinput(input, inputmethodmanager.show_implicit); } } }); but keyboard not appear though edit text in focus, , tell appear why, doesn't come up? thanks in advance.
Read more