How to Encrypt data in PHP and Decrypt in C#
Posted by Dave at 1/18/2016 8:56:30 PM
My client has two websites running—one with user accounts and content managed by WordPress, and the second one with licensing and support ticket information that has been extracted from SalesForce.com and stored in a SQL Server database. We did it this way to minimize the PHP code we needed to write—all we needed to do in this scenario was insert some sort of user credentials into the query string. But we needed to do this somewhat securely, so that a curious user couldn’t inspect the query string, fiddle with the parameters, and be able to look up another user’s license keys or support data.
We didn’t need this to be NSA/Fort Knox secure, just secure enough to make tampering a very difficult task. We used Rijndael encryption, the algorithm selected by the U.S. National Institute of Standards and Technology for the Advanced Encryption Standard, with a 256-bit key and secret code. Yes, it is possible that someone could try to brute force both codes, but it would take more time and money than it would be worth to steal one of our licenses. Here’s how to do it with a simple example you can deploy easily. We’re going to encrypt a string in PHP, pass it in a query string, and decrypt it with C#:
- You will need two web server hosting accounts, one running Linux and another running Windows/IIS. You can do both with a free trial Azure account by spinning up two virtual machines. I already had a free Linux account with Koding.com and I used Azure for the Windows/IIS part.
- On the Linux server, simply create a new PHP file and paste this code in. Edit the link to point to your Windows/IIS web site.

```php
<?php
// Requires the mcrypt extension (deprecated in PHP 7.1, removed from core in PHP 7.2).
// Encrypts a string with Rijndael (256-bit block, CBC mode) and returns it Base64-encoded.
function encryptRJ256($string_to_encrypt)
{
    $ky = 'lkirwf897+22#bbtrm8814z5qq=498j5'; // 32 * 8 = 256 bit key
    $iv = '741952hheeyy66#cs!9hjv887mxx7@8y'; // 32 * 8 = 256 bit iv
    $rtn = mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $ky, $string_to_encrypt, MCRYPT_MODE_CBC, $iv);
    $rtn = base64_encode($rtn);
    return $rtn;
}

$text = "Here is my data to encrypt!!!";
$etext = encryptRJ256($text);

// urlencode() keeps the Base64 characters "+", "/" and "=" intact in the query string.
echo "<a href=\"http://www.XXXXXXXXX.com/default.aspx?EncryptedString=" . urlencode($etext) . "\" target=\"_new\">";
echo "Send to Diff WebSite to Decrypt";
echo "</a>";
```
- Launch your Linux site in a browser and it will look like this:
- Create an ASP.Net page named default.aspx on the Windows/IIS site and paste the code below into the body (the <%: form HTML-encodes the decrypted text on output):

```aspx
<%: DecryptRJ256(Request.QueryString["EncryptedString"]) %>
```
- The C# code goes in the default.aspx.cs (CodeBehind) page:

```csharp
using System;
using System.IO;
using System.Security.Cryptography;
using System.Text;

public partial class _Default : System.Web.UI.Page
{
    public static string DecryptRJ256(string prm_text_to_decrypt)
    {
        const string prm_key = "lkirwf897+22#bbtrm8814z5qq=498j5"; // 32 chr shared ASCII string (32 * 8 = 256 bit)
        const string prm_iv = "741952hheeyy66#cs!9hjv887mxx7@8y";  // 32 chr shared ASCII string (32 * 8 = 256 bit)
        var sEncryptedString = prm_text_to_decrypt;

        // BlockSize = 256 selects Rijndael with a 256-bit block to match MCRYPT_RIJNDAEL_256;
        // AES itself always uses a 128-bit block.
        using (var myRijndael = new RijndaelManaged()
        {
            Padding = PaddingMode.Zeros,
            Mode = CipherMode.CBC,
            KeySize = 256,
            BlockSize = 256
        })
        {
            var key = Encoding.ASCII.GetBytes(prm_key);
            var IV = Encoding.ASCII.GetBytes(prm_iv);
            var sEncrypted = Convert.FromBase64String(sEncryptedString);
            var fromEncrypt = new Byte[sEncrypted.Length];

            using (var decryptor = myRijndael.CreateDecryptor(key, IV))
            using (var msDecrypt = new MemoryStream(sEncrypted))
            using (var csDecrypt = new CryptoStream(msDecrypt, decryptor, CryptoStreamMode.Read))
            {
                // Read() may return fewer bytes than requested, so loop until the stream ends.
                int total = 0, read;
                while ((read = csDecrypt.Read(fromEncrypt, total, fromEncrypt.Length - total)) > 0)
                {
                    total += read;
                }
                // Zero padding leaves trailing NUL bytes; strip them from the result.
                return Encoding.ASCII.GetString(fromEncrypt, 0, total).TrimEnd('\0');
            }
        }
    }
}
```
- And when you click the link in the PHP page, you'll see your text decrypted on a separate server using C#.
What a piece of cake!
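
The stated goal is that a user cannot alter the query string to reach another user's data, which needs an integrity check as well as encryption; the code above has none and reuses a fixed IV. As an added example (not the original post's code), this PHP encrypts with AES-256-CBC under a fresh IV and appends an HMAC-SHA256 that the receiver verifies before decrypting. The function names, the two separate 32-byte keys (generated per run here) and the layout of the token are assumptions.

```php
<?php
// Added example: encrypt-then-MAC token for a query-string value.
// Keys are generated per run for the demo (assumption: both sites share them).
function b64url_encode(string $bin): string {
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

function b64url_decode(string $txt) {
    $b64 = strtr($txt, '-_', '+/');
    $b64 .= str_repeat('=', (4 - strlen($b64) % 4) % 4);   // restore stripped padding
    return base64_decode($b64, true);                      // false on invalid input
}

function seal_param(string $plaintext, string $encKey, string $macKey): string {
    $iv = random_bytes(16);                                // fresh IV for every token
    $ct = openssl_encrypt($plaintext, 'aes-256-cbc', $encKey, OPENSSL_RAW_DATA, $iv);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    $mac = hash_hmac('sha256', $iv . $ct, $macKey, true);  // MAC covers IV and ciphertext
    return b64url_encode($iv . $ct . $mac);
}

function open_param(string $token, string $encKey, string $macKey): ?string {
    $raw = b64url_decode($token);
    if ($raw === false || strlen($raw) < 16 + 16 + 32) {   // IV + one block + MAC
        return null;
    }
    $mac  = substr($raw, -32);
    $body = substr($raw, 0, -32);
    // Verify in constant time before decrypting; an altered token is rejected here.
    if (!hash_equals(hash_hmac('sha256', $body, $macKey, true), $mac)) {
        return null;
    }
    $iv = substr($body, 0, 16);
    $pt = openssl_decrypt(substr($body, 16), 'aes-256-cbc', $encKey, OPENSSL_RAW_DATA, $iv);
    return $pt === false ? null : $pt;
}

// Demo with per-run keys and the post's sample string.
$encKey = random_bytes(32);
$macKey = random_bytes(32);
$token  = seal_param('Here is my data to encrypt!!!', $encKey, $macKey);
echo 'default.aspx?EncryptedString=' . $token . "\n";
var_dump(open_param($token, $encKey, $macKey));

$altered = $token;
$altered[5] = ($altered[5] === 'A') ? 'B' : 'A';           // simulate a changed parameter
var_dump(open_param($altered, $encKey, $macKey));
```

The C# side would check the same layout (16-byte IV, ciphertext, 32-byte MAC) with HMACSHA256 before handing the ciphertext to Aes.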