encrypt using rsa

Bringing the internet highway into your project? Building FTP, HTTP, email, chat or other client solutions?

Moderators: Klaus, FourthWorld, heatherlaine, robinmiller, kevinmiller

ghettocottage
Livecode Opensource Backer
Livecode Opensource Backer
Posts: 312
Joined: Tue Apr 10, 2012 9:18 am

Re: encrypt using rsa

Post by ghettocottage » Sat Mar 28, 2015 7:46 pm

So would it be better (or possible) to try and remove all urlEncode/urlDecode from the equation?

I am certainly a fan of whittling things down as much as possible.

FourthWorld
VIP Livecode Opensource Backer
VIP Livecode Opensource Backer
Posts: 6836
Joined: Sat Apr 08, 2006 7:05 am
Location: Los Angeles
Contact:

Re: encrypt using rsa

Post by FourthWorld » Sat Mar 28, 2015 7:58 pm

It depends. How is the server getting the data?
Richard Gaskin
Community volunteer LiveCode Community Liaison

LiveCode development, training, and consulting services: Fourth World Systems: http://FourthWorld.com
LiveCode User Group on Facebook : http://FaceBook.com/groups/LiveCodeUsers/

ghettocottage
Livecode Opensource Backer
Livecode Opensource Backer
Posts: 312
Joined: Tue Apr 10, 2012 9:18 am

Re: encrypt using rsa

Post by ghettocottage » Sat Mar 28, 2015 8:05 pm

Like this:

Code: Select all

        put  $_POST["tpw"] into tPW
                 put  $_POST["tsalt"] into tSalt

Looking at the results, if I remove all urlEncode and urlDecode's before sending, the base64 encoded passwords look exactly the same before sending, and after the server gets it; however, rsa decode works on the desktop, but not on the server (for those identical base64 encoded passwords.

ghettocottage
Livecode Opensource Backer
Livecode Opensource Backer
Posts: 312
Joined: Tue Apr 10, 2012 9:18 am

Re: encrypt using rsa

Post by ghettocottage » Sat Mar 28, 2015 8:11 pm

I take that back, the two are not identical:

before sent to server (base64encoded after encrypting with rsa):

Code: Select all

Y9eSTwl5zOY1zp/1O5e3QNrBHxeMXnbBTsp//r+FzXBbfj2Pfa4mSHwPAXWQi2DWNzYBPA5H
ynAPpmYqyminX/h6KuulUxUT8kZnZX6f6N2pPPsUz+iW7SrbcXkk9H/MqdWBQ1KqtJu/gjEe
ilUPOjF4ioZLX0PKdUW+WT09T2NpTntdpH+XWNfZVw8viY9ZBNdyUSoY7v9bWeag0YQAMiYI
oPan7uCQpmE1isy5mWlEy5kyygvqBZ2G3uMcE3EhqnWCtZqlN447LY8Ts1GSw9BuJVb7GNVm
zWZdRm/oS8vQL399n0+Em6b8Oc6YUj66oT8Ig+YqobFQhJ/9sLDsUKUbgNlq9IFM+9fcbTuj
g0dtIE0uyU3LTlc+fbnl3ddjQdOfdE8XkqoFfHl5Ph+4U4odXm8hsDaRsWj0DVnIK+4PQCH+
sJ9jNj5O/8mJG6bhcr+yXqUx4tRkzmRB9FR6NvqeJEd9085tLJwiIk9orsIEkYgujjXjueoU
hNgZYcdIjaVU/xOesU6u+sCNLRckTnECsk5CEy9QLuDV0MrBsR6IF19jDZhKl7B1WAtaYcrn
T3jr/koZml/gnT4g9U5+MHiRdli+bymTqPqvO1hAvzX+FILH8BG6CqEffn65826j4pr+AlWM
8G4pRDE+CoPYJeTVccoTMydE4MVlKXrxUnk=
and after landing on the server:

Code: Select all

Y9eSTwl5zOY1zp/1O5e3QNrBHxeMXnbBTsp//r FzXBbfj2Pfa4mSHwPAXWQi2DWNzYBPA5H
ynAPpmYqyminX/h6KuulUxUT8kZnZX6f6N2pPPsUz iW7SrbcXkk9H/MqdWBQ1KqtJu/gjEe
ilUPOjF4ioZLX0PKdUW WT09T2NpTntdpH XWNfZVw8viY9ZBNdyUSoY7v9bWeag0YQAMiYI
oPan7uCQpmE1isy5mWlEy5kyygvqBZ2G3uMcE3EhqnWCtZqlN447LY8Ts1GSw9BuJVb7GNVm
zWZdRm/oS8vQL399n0 Em6b8Oc6YUj66oT8Ig YqobFQhJ/9sLDsUKUbgNlq9IFM 9fcbTuj
g0dtIE0uyU3LTlc fbnl3ddjQdOfdE8XkqoFfHl5Ph 4U4odXm8hsDaRsWj0DVnIK 4PQCH 
sJ9jNj5O/8mJG6bhcr yXqUx4tRkzmRB9FR6NvqeJEd9085tLJwiIk9orsIEkYgujjXjueoU
hNgZYcdIjaVU/xOesU6u sCNLRckTnECsk5CEy9QLuDV0MrBsR6IF19jDZhKl7B1WAtaYcrn
T3jr/koZml/gnT4g9U5 MHiRdli bymTqPqvO1hAvzX FILH8BG6CqEffn65826j4pr AlWM
8G4pRDE CoPYJeTVccoTMydE4MVlKXrxUnk=

the "before" has plus symbols where spaces are on the "after'

FourthWorld
VIP Livecode Opensource Backer
VIP Livecode Opensource Backer
Posts: 6836
Joined: Sat Apr 08, 2006 7:05 am
Location: Los Angeles
Contact:

Re: encrypt using rsa

Post by FourthWorld » Sat Mar 28, 2015 8:32 pm

Ah, I think I see what's happening there. How is your data packaged for POST in the client?
Richard Gaskin
Community volunteer LiveCode Community Liaison

LiveCode development, training, and consulting services: Fourth World Systems: http://FourthWorld.com
LiveCode User Group on Facebook : http://FaceBook.com/groups/LiveCodeUsers/

ghettocottage
Livecode Opensource Backer
Livecode Opensource Backer
Posts: 312
Joined: Tue Apr 10, 2012 9:18 am

Re: encrypt using rsa

Post by ghettocottage » Sat Mar 28, 2015 8:40 pm

like so:

Code: Select all

   put "tname=" & tName & "&age=" & tAge & "&email=" & tEmail & "&tpw=" & tPWencoded  & "&tsalt=" & tSaltencoded & "&ctype=send" into tStuffToPost
   
   #had to add this to get https to work
   libURLSetSSLVerification false
   --post it to the server
   post tStuffToPost to URL tServerURL
   put it into tResult


FourthWorld
VIP Livecode Opensource Backer
VIP Livecode Opensource Backer
Posts: 6836
Joined: Sat Apr 08, 2006 7:05 am
Location: Los Angeles
Contact:

Re: encrypt using rsa

Post by FourthWorld » Sat Mar 28, 2015 9:52 pm

Solved: the standard convention for packaging POST data is that each data element be URL encoded. It usually doesn't matter for single-word values, which is why it only affects your base64'd data.

When LiveCode Server gets the POST data, it splits it by "=" and "&", and runs each value through urlDecode to restore them to their pre-transport state when building the $_POST array.

Since your original key data contains "+" characters and Server is urlDecoding it, the result is that it replaces those with spaces as you've seen.

I believe if you just urlEncode the data before POSTing it, you won't need to have the extra urlEncode on the server.

And since an RSA key is already transport-safe (no low-ASCII that can be confused for control characters), so you could just run the raw key through urlEncode and save a little space/time by omitting base64 altogether.
Richard Gaskin
Community volunteer LiveCode Community Liaison

LiveCode development, training, and consulting services: Fourth World Systems: http://FourthWorld.com
LiveCode User Group on Facebook : http://FaceBook.com/groups/LiveCodeUsers/

ghettocottage
Livecode Opensource Backer
Livecode Opensource Backer
Posts: 312
Joined: Tue Apr 10, 2012 9:18 am

Re: encrypt using rsa

Post by ghettocottage » Sat Mar 28, 2015 11:39 pm

That appears to work.

I can send to the server using rsa encryption and urlencoded:

Code: Select all

function rEncode tString
   encrypt tString using rsa with public key  gPublicKey
   put it into tRsa
   put urlEncode(tRsa) into tUrl
   return tUrl
end rEncode
and then decrypt on the server without having to do urlDecode or urlEncode (which is what was throwing me off)

Code: Select all

function dEncode tString
	   decrypt  tString using rsa with private key  gPrivateKey
	   put it into tDecrypted
	   return tDecrypted
	end dEncode

I appreciate the informative response. It explains not only what I was doing wrong, but how I could simplify the code (a little)

Post Reply

Return to “Internet”