So would it be better (or possible) to try and remove all urlEncode/urlDecode from the equation?
I am certainly a fan of whittling things down as much as possible.
encrypt using rsa
Moderators: FourthWorld, heatherlaine, Klaus, kevinmiller, robinmiller
-
ghettocottage
- Livecode Opensource Backer
- Posts: 366
- Joined: Tue Apr 10, 2012 9:18 am
-
FourthWorld
- VIP Livecode Opensource Backer
- Posts: 9823
- Joined: Sat Apr 08, 2006 7:05 am
- Location: Los Angeles
- Contact:
Re: encrypt using rsa
It depends. How is the server getting the data?
Richard Gaskin
LiveCode development, training, and consulting services: Fourth World Systems
LiveCode Group on Facebook
LiveCode Group on LinkedIn
LiveCode development, training, and consulting services: Fourth World Systems
LiveCode Group on Facebook
LiveCode Group on LinkedIn
-
ghettocottage
- Livecode Opensource Backer
- Posts: 366
- Joined: Tue Apr 10, 2012 9:18 am
Re: encrypt using rsa
Like this:
Looking at the results, if I remove all urlEncode and urlDecode's before sending, the base64 encoded passwords look exactly the same before sending, and after the server gets it; however, rsa decode works on the desktop, but not on the server (for those identical base64 encoded passwords.
Code: Select all
put $_POST["tpw"] into tPW
put $_POST["tsalt"] into tSalt
Looking at the results, if I remove all urlEncode and urlDecode's before sending, the base64 encoded passwords look exactly the same before sending, and after the server gets it; however, rsa decode works on the desktop, but not on the server (for those identical base64 encoded passwords.
-
ghettocottage
- Livecode Opensource Backer
- Posts: 366
- Joined: Tue Apr 10, 2012 9:18 am
Re: encrypt using rsa
I take that back, the two are not identical:
before sent to server (base64encoded after encrypting with rsa):
and after landing on the server:
the "before" has plus symbols where spaces are on the "after'
before sent to server (base64encoded after encrypting with rsa):
Code: Select all
Y9eSTwl5zOY1zp/1O5e3QNrBHxeMXnbBTsp//r+FzXBbfj2Pfa4mSHwPAXWQi2DWNzYBPA5H
ynAPpmYqyminX/h6KuulUxUT8kZnZX6f6N2pPPsUz+iW7SrbcXkk9H/MqdWBQ1KqtJu/gjEe
ilUPOjF4ioZLX0PKdUW+WT09T2NpTntdpH+XWNfZVw8viY9ZBNdyUSoY7v9bWeag0YQAMiYI
oPan7uCQpmE1isy5mWlEy5kyygvqBZ2G3uMcE3EhqnWCtZqlN447LY8Ts1GSw9BuJVb7GNVm
zWZdRm/oS8vQL399n0+Em6b8Oc6YUj66oT8Ig+YqobFQhJ/9sLDsUKUbgNlq9IFM+9fcbTuj
g0dtIE0uyU3LTlc+fbnl3ddjQdOfdE8XkqoFfHl5Ph+4U4odXm8hsDaRsWj0DVnIK+4PQCH+
sJ9jNj5O/8mJG6bhcr+yXqUx4tRkzmRB9FR6NvqeJEd9085tLJwiIk9orsIEkYgujjXjueoU
hNgZYcdIjaVU/xOesU6u+sCNLRckTnECsk5CEy9QLuDV0MrBsR6IF19jDZhKl7B1WAtaYcrn
T3jr/koZml/gnT4g9U5+MHiRdli+bymTqPqvO1hAvzX+FILH8BG6CqEffn65826j4pr+AlWM
8G4pRDE+CoPYJeTVccoTMydE4MVlKXrxUnk=Code: Select all
Y9eSTwl5zOY1zp/1O5e3QNrBHxeMXnbBTsp//r FzXBbfj2Pfa4mSHwPAXWQi2DWNzYBPA5H
ynAPpmYqyminX/h6KuulUxUT8kZnZX6f6N2pPPsUz iW7SrbcXkk9H/MqdWBQ1KqtJu/gjEe
ilUPOjF4ioZLX0PKdUW WT09T2NpTntdpH XWNfZVw8viY9ZBNdyUSoY7v9bWeag0YQAMiYI
oPan7uCQpmE1isy5mWlEy5kyygvqBZ2G3uMcE3EhqnWCtZqlN447LY8Ts1GSw9BuJVb7GNVm
zWZdRm/oS8vQL399n0 Em6b8Oc6YUj66oT8Ig YqobFQhJ/9sLDsUKUbgNlq9IFM 9fcbTuj
g0dtIE0uyU3LTlc fbnl3ddjQdOfdE8XkqoFfHl5Ph 4U4odXm8hsDaRsWj0DVnIK 4PQCH
sJ9jNj5O/8mJG6bhcr yXqUx4tRkzmRB9FR6NvqeJEd9085tLJwiIk9orsIEkYgujjXjueoU
hNgZYcdIjaVU/xOesU6u sCNLRckTnECsk5CEy9QLuDV0MrBsR6IF19jDZhKl7B1WAtaYcrn
T3jr/koZml/gnT4g9U5 MHiRdli bymTqPqvO1hAvzX FILH8BG6CqEffn65826j4pr AlWM
8G4pRDE CoPYJeTVccoTMydE4MVlKXrxUnk=the "before" has plus symbols where spaces are on the "after'
-
FourthWorld
- VIP Livecode Opensource Backer
- Posts: 9823
- Joined: Sat Apr 08, 2006 7:05 am
- Location: Los Angeles
- Contact:
Re: encrypt using rsa
Ah, I think I see what's happening there. How is your data packaged for POST in the client?
Richard Gaskin
LiveCode development, training, and consulting services: Fourth World Systems
LiveCode Group on Facebook
LiveCode Group on LinkedIn
LiveCode development, training, and consulting services: Fourth World Systems
LiveCode Group on Facebook
LiveCode Group on LinkedIn
-
ghettocottage
- Livecode Opensource Backer
- Posts: 366
- Joined: Tue Apr 10, 2012 9:18 am
Re: encrypt using rsa
like so:
Code: Select all
put "tname=" & tName & "&age=" & tAge & "&email=" & tEmail & "&tpw=" & tPWencoded & "&tsalt=" & tSaltencoded & "&ctype=send" into tStuffToPost
#had to add this to get https to work
libURLSetSSLVerification false
--post it to the server
post tStuffToPost to URL tServerURL
put it into tResult
-
FourthWorld
- VIP Livecode Opensource Backer
- Posts: 9823
- Joined: Sat Apr 08, 2006 7:05 am
- Location: Los Angeles
- Contact:
Re: encrypt using rsa
Solved: the standard convention for packaging POST data is that each data element be URL encoded. It usually doesn't matter for single-word values, which is why it only affects your base64'd data.
When LiveCode Server gets the POST data, it splits it by "=" and "&", and runs each value through urlDecode to restore them to their pre-transport state when building the $_POST array.
Since your original key data contains "+" characters and Server is urlDecoding it, the result is that it replaces those with spaces as you've seen.
I believe if you just urlEncode the data before POSTing it, you won't need to have the extra urlEncode on the server.
And since an RSA key is already transport-safe (no low-ASCII that can be confused for control characters), so you could just run the raw key through urlEncode and save a little space/time by omitting base64 altogether.
When LiveCode Server gets the POST data, it splits it by "=" and "&", and runs each value through urlDecode to restore them to their pre-transport state when building the $_POST array.
Since your original key data contains "+" characters and Server is urlDecoding it, the result is that it replaces those with spaces as you've seen.
I believe if you just urlEncode the data before POSTing it, you won't need to have the extra urlEncode on the server.
And since an RSA key is already transport-safe (no low-ASCII that can be confused for control characters), so you could just run the raw key through urlEncode and save a little space/time by omitting base64 altogether.
Richard Gaskin
LiveCode development, training, and consulting services: Fourth World Systems
LiveCode Group on Facebook
LiveCode Group on LinkedIn
LiveCode development, training, and consulting services: Fourth World Systems
LiveCode Group on Facebook
LiveCode Group on LinkedIn
-
ghettocottage
- Livecode Opensource Backer
- Posts: 366
- Joined: Tue Apr 10, 2012 9:18 am
Re: encrypt using rsa
That appears to work.
I can send to the server using rsa encryption and urlencoded:
and then decrypt on the server without having to do urlDecode or urlEncode (which is what was throwing me off)
I appreciate the informative response. It explains not only what I was doing wrong, but how I could simplify the code (a little)
I can send to the server using rsa encryption and urlencoded:
Code: Select all
function rEncode tString
encrypt tString using rsa with public key gPublicKey
put it into tRsa
put urlEncode(tRsa) into tUrl
return tUrl
end rEncodeCode: Select all
function dEncode tString
decrypt tString using rsa with private key gPrivateKey
put it into tDecrypted
return tDecrypted
end dEncodeI appreciate the informative response. It explains not only what I was doing wrong, but how I could simplify the code (a little)