views:

262

answers:

1

Hi, I am using crypto++ to send AES encrypted http requests to app engine, planning to decrypt them there. My plan is to encrypt the portion after the '?' so it's something like:

http://myurl.com/Command?eiwjfsdlfjldkjfs when it is encrypted. However, I'm stuck figuring out how to decrypt it at the other end and still user get() on the response to get the args. Can someone advise if I am taking the wrong approach? Should I be decrypting and not using get() but my own parser then?

+1  A: 

I think you should create the URL like this:

http://myurl.com/Command?q=eiwjfsdlfjldkjfs

Then, in your request handler, you would be able to get the encrypted message like this:

encrypted_string = self.request.get('q')

EDIT:

This is how to do it:

1) to create the url:

import Crypto
from Crypto.Cipher import ARC4
obj=ARC4.new('stackoverflow')
plain = urllib.urlencode({'param1': 'v1', 'param2': 'v2'})
ciph = obj.encrypt(plain)
url = 'myurl.com/Command?%s' % urllib.urlencode({'q': ciph}) 
#url should be 'myurl.com/Command?q=%D4%2B%E5%FA%04rE.%1C.%81%0C%B6t%DCl%F8%84%EB'

2) to decrypt it:

ciph = self.request.get('q')
obj=ARC4.new('stackoverflow')
plain = obj.decrypt(ciph)
get_data = cgi.parse_qs(plain) # {'param2': ['v2'], 'param1': ['v1']}
jbochi
so, if i have multiple parameters then I should separately encrypt and decrypt each parameter? I considered this, but still wasn't sure this was the standard way to do things (if there is a standard way). Wouldn't this just expose the parameter names?
Joey
I have edit my answer to explain how to encrypt all the parameters at once. Hope it helps
jbochi
Thanks, your edit is immensely helpful. However, something is failing on my decryption. I ran into this error:'ascii' codec can't encode characters in position 0-7After reading up, I gathered I needed to call encode() on the ciph before decrypting, which got rid of that error. I used 'utf-8' because the encoding when I getCString from my NSString url is "NSUTF8StringEncoding". When I try this on a sample string, I get a complete mess for the result in the plain var. Any idea why?
Joey
Sorry, I know nothing about the iPhone SDK. Maybe you should create another question for this :)
jbochi
Good observation. I'd totally overlooked that I made no reference to using iphone sdk for the encryption portion. Thanks!
Joey