views:

382

answers:

2

I'm looking to encrypt a string in VBScript, and decrypt it in PHP. I have full control over the VBScript/ASP Classic environment, but zero control over my PHP environment.

Given this, what sort of encryption could I use that would be adequate enough to secure a string? Apologies for the vagueness of the question, but I do not know where to begin.

+1  A: 

Assuming the string is making its way between the servers via http then use https to send the string. That way you don't have to do the encryption/decryption, thats done for you by SSL.

AnthonyWJones
A: 

The first thing you should try is simply using a standard encryption/decryption algorithm.

The problem is that these are handled by the php mcrypt extension and you may or may not have then available.

You want mdecrypt_generic. But you can test for it with:

<?php

if(function_exists('mdecrypt_generic')){
      echo "Fred says 'you are going to be OK!'";
}else{
      echo "Fred says 'it is a shame you cannot control your php environment'";
}

?>

If it exists then plain text that you encrypt with the same algorithm and parameters on VBScript/ASP should decrypt on PHP just fine. Be prepared to try different algorithms if you get funny results, sometime a "parameter" can really mess with you... If you do not have mcrypt then check for openssl. openssl_seal can do the same work for you, but you need to mess with x509 keys in that case. (I like CACert.org for simple x509 outsourcing...)

The other thing to consider... do you really need encryption or merely obfuscation?

HTH,

-FT

ftrotter
I need encryption, not obfuscation. While this does not entirely answer my needs, it was helpful. Thank you.