javascript - Compatibility issues with pidcrypt and openssl_encrypt -

-

i designing application allows end users take quizzes browsers. part of requirement when quiz start time around, question should displayed every participant @ once. makes serving questions end users server less reasonable because lead sudden burst of request intend serve questions them connect , less 2 hours quiz start time. problem since competition, questions should not seen before start time hence there need encrypt it.

i have decided encrypt in 2 stages, first stage of encryption using asymmetric rsa encryption exchange of keys have done. key used encrypt other data that sent between server , client.

the problem symmetric encryption part. trying use openssl_encrypt method encrypt on server side , trying decrypt pidcrypt (a javascript encryption/decryption library) on clientside. turns out pidcrypt requires iv (initialization vector) 8 bytes long openssl_encrypt using aes-256-cbc mode doesn't allow 8 bytes instead insisting on 16 bytes. have done lot of permutations , experimentation no luck. stated in documentation of pidcrypt openssl compatible question - doing wrong? below code encrypts on server side using php 

        $iv_len = openssl_cipher_iv_length("aes-256-cbc");             $key='my secret key.......';     $iv = openssl_random_pseudo_bytes($iv_len);     $enc = openssl_encrypt('hello', "aes-256-cbc", $key, 0, $iv);     $encryptedmessage = base64_encode("salted__".bin2hex($iv).$enc);     echo json_encode(array('key'=>$key, 'encrypt'=>$encryptedmessage,));

please there way make $iv_len 8bytes long rather 16 bytes code return , approaching whole setup in right way. thanks

pidcrypt not use 8 byte iv, uses 8 byte salt. iv's , salts different concepts, though share many similarities.

in pidcrypt randomized salt used password , md5 generate key , iv. salt pre-pended ciphertext (as openssl does). server should use same method generate key , iv, using pre-pended salt value , shared password. trying directly key , iv, not correct.

whatever library, iv used decrypt cbc mode should identical block size of underlying cipher. underlying block cipher here aes, means iv 16 bytes.

you should read through user comments on undocumented openssl_encrypt method, , either find openssl compatible library in php, or find/implement the openssl key derivation method (evp_bytestokey).

note following output produced openssl command line utility:

00000000  53 61 6c 74 65 64 5f 5f  44 a2 2f ee ac ee 94 fd  |salted__d./.....| 00000010  6f 93 17 24 44 12 88 66  e7 fe 5c d5 7d 81 fe d9  |o..$d..f..\.}...| 00000020

so that's ascii string containing salted__ followed 8 byte random salt (not iv) 16 bytes of ciphertext (one full block).


Comments

Post a Comment

Popular posts from this blog

plot - Remove Objects from Legend When You Have Also Used Fit, Matlab -

-
Image
i've plotted data points , fitted exponential curve between them using 'fit' in matlab. problem fit-function got fitted line wanted plot, markers on top of regular markers. solved problem plotting wanted markers on top of unwanted couldn't seen. problem. when want show legends dots in there. how can remove markers legend without removing fitted line since both of them hidden inside fit-function? can stop 'fit' plotting unwanted markers? so, want remove blue dot called 'hoff' in picture below. you can leave out legend-entries manually leaving out handles of lines, dont want in legend. try this: %if plot something, want showing in legend, save handle: h_line = plot(x,y) %you dont want show line? dont anything, plot it: plot(mymarker) %then set legend-> can add text legend-entries %a cell-array containing strings want show up: legend([h_line another_line],{'text1' 'text2'}) with example (see comments) came solution:
Read more

java - Why does my date parsing return a weird date? -

-
here code using: string string = "08/07/2013".replace('/', '-'); date date = new simpledateformat("yyyy-mm-dd").parse(string); why date return: "wen jan 3 00:00:00 est 14"? not @ date format told use. edit: need format because database using requires format. the format use parse date string, not match it. using yyyy 08 . use following format: new simpledateformat("dd-mm-yyyy") and why @ replacing / - ? can build pattern original string only: string string = "08/07/2013" date date = new simpledateformat("dd/mm/yyyy").parse(string); and if want date string in yyyy-mm-dd format, can format date using dateformat#format(date) method: string formatteddate = new simpledateformat("yyyy-mm-dd").format(date); see also: change date format in java string simpledateformat java doc
Read more

Need help in packaging app using TideSDK on Windows -

-
i developed application using tidesdk on windows , when click launchapp works fine. moved package , installed imagemagick , wix 3.0 required packaging on windows. clicked on package runtime , cannot guess packaged app is? found file 'installer' in workspace when click on it says installer not find application path . think application not being packaged properly. here log see in tidesdk: preparing package desktop app runtime. 1 moment... staging trial -> copying contents d:\lab\tidesdk\trial d:\lab\tidesdk\trial\packages\win32\bundle\trial -> copying installer c:\programdata\tidesdk\sdk\win32\1.3.1-beta\installer d:\lab\tidesdk\trial\packages\win32\bundle\trial -> copying runtime d:\lab\tidesdk\trial\packages\win32\bundle\trial -> date: d:\lab\tidesdk\trial\packages\win32\bundle\trial\modules\app\1.3.1-beta -> date: d:\lab\tidesdk\trial\packages\win32\bundle\trial\modules\codec\1.3.1-beta -> date: d:\lab\tidesdk\trial\packages\win32\bundle\trial\mod
Read more