
encrypt using rsa

Posted: Thu Mar 26, 2015 6:47 am
by ghettocottage
I have been reading up on encrypting. So far I have managed to encrypt with aes; however, when trying to encrypt with rsa, I seem to have hit a road-block.

I have generated my key-pair.

But things are not working when I try: encrypt message with public key key

Should my pub-key go into a variable? If so, is there a trick to doing that, or do I just grab the characters between the:

-----BEGIN PUBLIC KEY-----

-----END PUBLIC KEY-----


and then wrap that in quotes and put it in my variable?

Re: encrypt using rsa

Posted: Fri Mar 27, 2015 10:46 pm
by ghettocottage
I wonder if this (encrypting with RSA) is something that would be covered in the LiveCode Lessons that come with the subscription. I looked at the lessons that come with the free 30 day sign-up, but nothing there touched on encryption.

Re: encrypt using rsa

Posted: Sat Mar 28, 2015 3:11 am
by WaltBrown
Did you try "encrypt source using rsa with {public | private} key key [and passphrase passphrase]" as described in the Dictionary? I only mention it because your message didn't have the "using rsa" in it.
Walt

Re: encrypt using rsa

Posted: Sat Mar 28, 2015 3:39 am
by ghettocottage
Yes, I should have been more specific. Here is what I have tried:

Code:

 encrypt tThing using rsa with public key tPublicKey
           put it into put it into tThingEncoded
which gives me an empty variable.

the dictionary has this as an example:

Code:

encrypt myMessage with public key myKey
I am just guessing that I am putting my pub-key in the variable wrongly. I have tried putting the public key in quotes, without quotes, on a single line, on multiple lines, and on multiple lines with and without quotes.

Re: encrypt using rsa

Posted: Sat Mar 28, 2015 4:55 am
by Simon
There is a good write up here;
http://forums.livecode.com/viewtopic.php?f=8&t=11733
But I haven't tried to implement it yet.

Simon

Re: encrypt using rsa

Posted: Sat Mar 28, 2015 5:02 am
by WaltBrown
I kept an example private RSA key as a PEM file. This example worked for me.

One note: You had:

Code:

put it into put it into tThingEncoded
which has "put it into" twice - I don't know if that was a cut and paste, or how it might work.

Here's my test stack and example RSA key file. I did it in 7.0.3 on Win7x64

Re: encrypt using rsa

Posted: Sat Mar 28, 2015 5:22 am
by ghettocottage
Thanks, that worked.

Using:

Code:

put URL ("file:" & "/path/to/my/pubkey.pub") into tPublicKey
and then:

Code:

   encrypt tThing using rsa with public key tPublicKey
gives me encrypted data.


I appreciate you posting that.

Re: encrypt using rsa

Posted: Sat Mar 28, 2015 10:13 am
by ghettocottage
So I have encrypt and decrypt using rsa with private/public keys working fine on my Desktop application; however, if I send encrypted stuff to my server, I cannot seem to get LiveCode server to decrypt the rsa bit.

I have encoded with base64encode, and urlEncode before sending to the server. Also made sure I could decode all of that on my desktop before sending, and that works.
Also tried NOT encoding the rsa-encrypted string with base64 and urlEncode.

Also tested decrypting with urlDecode, and then base64Decode once on the server, and that seems to be working as well, but when I get to the part where I decrypt with rsa, it seems to fail.

I can encrypt something on my server with rsa, and send it to my desktop and it gets decrypted okay.

So the failure point seems to be when it is decrypting with rsa on the server. Is there something special there that should happen that is different from the Desktop?

Re: encrypt using rsa

Posted: Sat Mar 28, 2015 2:32 pm
by FourthWorld
ghettocottage wrote: Also tested decrypting with urlDecode, and then base64Decode once on the server, and that seems to be working as well, but when I get to the part where I decrypt with rsa, it seems to fail.
What error message do you see in "the result"?

Re: encrypt using rsa

Posted: Sat Mar 28, 2015 3:34 pm
by ghettocottage
What error message do you see in "the result"?
just blank. no message

Re: encrypt using rsa

Posted: Sat Mar 28, 2015 4:25 pm
by FourthWorld
Anything in "it"?

Re: encrypt using rsa

Posted: Sat Mar 28, 2015 6:20 pm
by ghettocottage
Okay..figured it out:

Following the idea in this thread: http://forums.livecode.com/viewtopic.php?f=8&t=11733
here is my function I am using to encrypt a password on my app to send to the server:

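Code:

function rEncode tString
   -- RSA-encrypt with the public key; the ciphertext is returned in "it"
   encrypt tString using rsa with public key gPublicKey
   put it into tRsa
   -- base64 makes the binary ciphertext text-safe, urlEncode makes it POST-safe
   put base64Encode(tRsa) into t64
   put urlEncode(t64) into tUrlencoded
   return tUrlencoded
end rEncode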
and here is my function to decode/decrypt that on my server

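Code:

function dEncode tString
   -- reverse the transport encoding: urlDecode, then base64Decode
   put urlDecode(tString) into t64
   put base64Decode(t64) into tRsa
   -- RSA-decrypt with the private key; the plaintext is returned in "it"
   decrypt tRsa using rsa with private key gPrivateKey
   put it into tDecrypted
   return tDecrypted
end dEncode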
All good. I can use both of those functions on my desktop with good results: password is encrypted and decrypted
However, posting that password to the server, and using the dEncode function fails. The problem: on sending to the server, the password is wrapped with carriage returns. So on the server I had to add another step to the dEncode function:

Code:

function dEncode tString
   -- extra step on the server: urlEncode the posted value first
   put urlEncode(tString) into tUrlencoded
   put urlDecode(tUrlencoded) into t64
   put base64Decode(t64) into tRsa
   decrypt tRsa using rsa with private key gPrivateKey
   put it into tDecrypted
   return tDecrypted
end dEncode

I feel like there might be a simpler way to go about this, but when I try to remove some of the encoding steps, the decoding fails on the server. From the referenced thread I gather:

the rsa-encrypted string needs to be base64 encoded so data is not lost on sending
the base64 encoded string gets wrapped, so it needs to be urlEncoded
//okay, got that. I also discover that:
on sending to the server via post, it gets wrapped again with carriage returns, so an additional urlEncode reverts it back to how it was before sending...then everything else toddles along as expected.

at any rate, it seems to be working now.

I wrote a function to generate random salts and passwords on each send (cobbled together from some other threads on this forum):

Code:

function randPassword
   put empty into tRandom
   -- build a 9-digit decimal string
   repeat with x = 1 to 9
      put random(10)-1 into tRnd
      -- so that the number never starts with 0
      if x = 1 then put random(9) into tRnd
      put tRnd after tRandom
   end repeat
   -- base64-encode the digit string before returning it
   put base64Encode(tRandom) into t64
   return t64
end randPassword
so:

random password and salt generated on each send is used to encrypt my data with aes256
same password and salt are then encrypted with rsa

all that is sent via post to my server, which then decrypts the password and salt so it can decrypt the rest of the data.


Lots of encrypting, encoding and decoding going on there. I have not seen any issues with performance, but have only been sending small chunks of data while I worked this all out.

Re: encrypt using rsa

Posted: Sat Mar 28, 2015 7:07 pm
by FourthWorld
How does the server obtain the data? If it reads only until CR I can see the issue with Base64's multi-line value. But if it reads until EOF it should be fine, no?

Re: encrypt using rsa

Posted: Sat Mar 28, 2015 7:30 pm
by ghettocottage

FourthWorld wrote: How does the server obtain the data? If it reads only until CR I can see the issue with Base64's multi-line value. But if it reads until EOF it should be fine, no?
Before sending, the (encrypted/encoded) password looks like this (slightly shortened for readability):

Code:

ZR%2Bs%2BNXFAvkoqhLf2yrwYvS46%2BikQMlE4JggO0%2B27ahiisPgSCmA5BqliEZHSVeME9cLs0LV%0D%0ASeGYHXd08uZ3OjqyXOrtuxaxIqJiOFnannMyb4%2BPVn%2FyRSZS1%2BXdU6rvMlmYXaaZghEr32Bb%0D%0ATifoy20ejcuKAMw5Xukcp9V5aJPuyS1U%2B6KOWvr0WbqYWZo2wHd5kUlDMXZVWs05BHEh70vM%0D%0AUMwxz2PsIO7ZFnk%2BTA6Ap6gz0yc7CbFPpxXDn38%3D
Here is what the server gives me after sending it post like this:

Code:

   post tStuffToPost to URL tServerURL
   put it into tResult
which will give me this:

Code:

ZR+s+NXFAvkoqhLf2yrwYvS46+ikQMlE4JggO0+27ahiisPgSCmA5BqliEZHSVeME9cLs0LV
SeGYHXd08uZ3OjqyXOrtuxaxIqJiOFnannMyb4+PVn/yRSZS1+XdU6rvMlmYXaaZghEr32Bb
Tifoy20ejcuKAMw5Xukcp9V5aJPuyS1U+6KOWvr0WbqYWZo2wHd5kUlDMXZVWs05BHEh70vM
UMwxz2PsIO7ZFnk+TA6Ap6gz0yc7CbFPpxXDn38=
So on the server I do the extra bit:

Code:

put  urlEncode(tPW) into tPWurlencoded

which returns an identical single-line like the original bit, and then "decode using rsa" works and birds start chirping and the sun comes out.
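
Added example, not part of the original posts: a Python model of the transport round trip described above, showing one explanation consistent with the values posted, namely that URL-decoding a POST value the server has already decoded turns every base64 "+" into a space, and that re-encoding first simply cancels that out. It assumes the server hands the script already-decoded POST values and that urlDecode maps "+" to a space; the ciphertext bytes and all function names are constructed for illustration.

```python
import base64
import binascii
from urllib.parse import quote, unquote_plus

# Constructed stand-in for a 128-byte RSA ciphertext; the first three bytes
# encode to "++++", so the base64 text is guaranteed to contain '+'.
CIPHERTEXT = bytes.fromhex("fbefbe") + bytes(range(125))

def client_encode(ciphertext: bytes) -> str:
    """Client side, as in rEncode: base64 (wrapped at 72 columns), then URL-encode."""
    b64 = base64.b64encode(ciphertext).decode("ascii")
    wrapped = "\r\n".join(b64[i:i + 72] for i in range(0, len(b64), 72))
    return quote(wrapped, safe="")          # '+' -> %2B, CRLF -> %0D%0A

def form_decode(field: str) -> str:
    """Assumption: the server decodes POST fields once before the script runs."""
    return unquote_plus(field)

def strict_b64(text: str):
    """Ignore CR/LF wrapping; return None if any other off-alphabet character appears."""
    try:
        return base64.b64decode(text.replace("\r", "").replace("\n", ""), validate=True)
    except binascii.Error:
        return None

def server_double_decode(post_value: str):
    """Like the first dEncode: URL-decodes again, so every '+' becomes a space."""
    return strict_b64(unquote_plus(post_value))

def server_workaround(post_value: str):
    """Like the second dEncode: urlEncode then urlDecode, a round trip that changes nothing."""
    return strict_b64(unquote_plus(quote(post_value, safe="")))

def server_direct(post_value: str):
    """Simplest form: the value is already plain base64, so decode it as-is."""
    return strict_b64(post_value)

if __name__ == "__main__":
    received = form_decode(client_encode(CIPHERTEXT))
    print("double decode:", server_double_decode(received))
    print("workaround ok:", server_workaround(received) == CIPHERTEXT)
    print("direct ok:    ", server_direct(received) == CIPHERTEXT)
```

A strict base64 decoder is used here so the corruption shows up as an outright failure; a lenient decoder would instead return wrong bytes, which then fail at the RSA decrypt step.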

Re: encrypt using rsa

Posted: Sat Mar 28, 2015 7:37 pm
by FourthWorld
Yes, I'm familiar with what urlDecode does. My question is why is it necessary?

Base64 is only rarely output as a single line; the multi-line format LC uses is more common. And given that base64 takes care of making sure non-text bytes that may be seen as control characters are removed, it's usually good as it is.

Which is what had me wondering how the server is reading the POST data. If it reads until EOF I would imagine it would be fine with base64 as-is. I use base64 for most client-server apps, and it's been a reliable transport format.