tags:

views:

262

answers:

1
+1  Q: 

crypto++ / pycrypto with google app engine

Hi, I am using crypto++ to send AES encrypted http requests to app engine, planning to decrypt them there. My plan is to encrypt the portion after the '?' so it's something like:

http://myurl.com/Command?eiwjfsdlfjldkjfs when it is encrypted. However, I'm stuck figuring out how to decrypt it at the other end and still user get() on the response to get the args. Can someone advise if I am taking the wrong approach? Should I be decrypting and not using get() but my own parser then?

+1  A: 

I think you should create the URL like this:

http://myurl.com/Command?q=eiwjfsdlfjldkjfs

Then, in your request handler, you would be able to get the encrypted message like this:

encrypted_string = self.request.get('q')

EDIT:

This is how to do it:

1) to create the url:

import Crypto
from Crypto.Cipher import ARC4
obj=ARC4.new('stackoverflow')
plain = urllib.urlencode({'param1': 'v1', 'param2': 'v2'})
ciph = obj.encrypt(plain)
url = 'myurl.com/Command?%s' % urllib.urlencode({'q': ciph}) 
#url should be 'myurl.com/Command?q=%D4%2B%E5%FA%04rE.%1C.%81%0C%B6t%DCl%F8%84%EB'

2) to decrypt it:

ciph = self.request.get('q')
obj=ARC4.new('stackoverflow')
plain = obj.decrypt(ciph)
get_data = cgi.parse_qs(plain) # {'param2': ['v2'], 'param1': ['v1']}
jbochi  2010-05-08 19:00:03
so, if i have multiple parameters then I should separately encrypt and decrypt each parameter? I considered this, but still wasn't sure this was the standard way to do things (if there is a standard way). Wouldn't this just expose the parameter names?
Joey  2010-05-08 19:58:30
I have edit my answer to explain how to encrypt all the parameters at once. Hope it helps
jbochi  2010-05-08 22:37:14
Thanks, your edit is immensely helpful. However, something is failing on my decryption. I ran into this error:'ascii' codec can't encode characters in position 0-7After reading up, I gathered I needed to call encode() on the ciph before decrypting, which got rid of that error. I used 'utf-8' because the encoding when I getCString from my NSString url is "NSUTF8StringEncoding". When I try this on a sample string, I get a complete mess for the result in the plain var. Any idea why?
Joey  2010-05-09 07:35:39
Sorry, I know nothing about the iPhone SDK. Maybe you should create another question for this :)
jbochi  2010-05-09 14:00:15
Good observation. I'd totally overlooked that I made no reference to using iphone sdk for the encryption portion. Thanks!
Joey  2010-05-09 16:30:44

related questions

How to implement password protection for individual files?
Encrypting appSettings in web.config
Usefulness of SQL Server "with encryption" statement
How can I use a key blob generated from Win32 CryptoAPI in my .NET application?
CodeReview: Tiny Encryption Algorithm for arbitrary sized data
Simple encryption implementation in C
Which hard disk encryption software to choose?
Passing untampered data from Flash app to server?
How do I prevent replay attacks?
Is there a best .NET algorithm for credit card encryption?
Encrypt data from users in web applications
How to encrypt one message for multiple recipients?
Two-way password encryption without ssl
What's the answer to this Microsoft PDC challenge?
GPG: How does key signing work and how is it done?
Secure Online Highscore Lists for Non-Web Games
Programmatically encrypting a config-file in .NET
How do I use 3des encryption/decryption in Java?
Encryption in C# Web-Services
Suitable alternative to CryptEncrypt
Can a proxy server cache SSL GETs? If not, would response body encryption suffice?
C# - CryptographicException: Padding is invalid and cannot be removed
How can I encode xml files to xfdl (base64-gzip)?
How do I add SSL to a .net application that uses httplistener - it will *not* be running on IIS
Encrypting Passwords