What encryption algorithm would be best for data transfer between Python and Php?

views:

253

answers:

What encryption algorithm would be best for data transfer between Python and Php?

Hi all,

I am writing a client / server based program, Server side is with Php and Client is with Python, and I need to make sure the transfer data is safe both way.

So, My question is

What encryption algorithm would be best for data transfer between Python and Php?

I couldn't use Https
Need to decrypt/encrypt with key on both Python and Php
I would't need to have ~~shared~~ public key, key could be set in both Python and Php manually
Since I don't know how to implement algorithm myself, examples on both language would be great.
My data are not serious like banking site, but just want to encrypt to be safe on the wire from sniffing

I've tried to check this question but I couldn't find suitable answer for me

http://stackoverflow.com/questions/102496/compatible-encryption-between-c-and-php-coldfusion-ruby-python

Thanks in advance.

+3 A:

Do not attempt to invent an encryption scheme yourself. This is extremely difficult to get right (even professionals can't do this correctly on a regular basis). The SSL suite of security protocols embodies literally decades of research and implementation experience that you will not be able to reinvent.

For protection of private data over HTTP, the only correct answer is SSL. Anything else is doing yourself a disservice.

Greg Hewgill 2010-02-22 10:36:15

+1 thanks for pointing out, but I am afraid, I don't have SSL option in my hosting for now.

S.Mark 2010-02-22 10:41:45

SSL and HTTPS are not the same thing. If you can implement your own custom encryption scheme, then you also have all the tools you need to use SSL/TLS - and you certainly *should*.

caf 2010-02-22 23:38:42

+1 A:

The answer is usually "it depends". If all you're looking for is symmetric encryption of sufficient quantities of data you'll probably want something like AES. There are however many ways in which you could use encryption that can turn out to be insecure in the end, which is why using https is a good idea since it's a bit higher level and harder to get badly wrong. I am not a security researcher, but this is just going on general advice I've been given in regard to security.

Anyways, there's a python library and you can apparently use mcrypt to handle encryption/decryption in PHP itself.

wds 2010-02-22 10:36:22

+1 thanks for suggestion, I am also like to try AES

S.Mark 2010-02-22 10:44:16

Just a couple points. Your encrypted data is likely to be 8bit. If you're doing small transfers, base64 encoding is probably easiest. If you are transferring a lot of data, you could stream the 8bit encrypted data with `transfer-encoding: chunked`, but you may need to jump through hoops to achieve this.

MattH 2010-02-22 11:08:33

Thanks @MattH, but I couldn't set password in base64 btw. thanks for `transfer-encoding: chunked`, I need to learn that first. My data is not big though.

S.Mark 2010-02-22 11:13:23

@S.Mark base64 is just an encoding, not an encryption. It lets you encode 8bit data over a transport that is not 8bit safe. I'm telling you this because the output from an encryption routine is likely to be 8bit. If, for example, you wanted to `POST` an AES encrypted chunk of data to your website, you'd need to use something like base64 encoding.

MattH 2010-02-22 11:55:56

Thanks MattH, I've got it, for that case, I would like to do encrypt with AES first and like to do base64 encode. thanks for your help

S.Mark 2010-02-22 12:26:29

ansaurus

tags:

views:

answers:

What encryption algorithm would be best for data transfer between Python and Php?

related questions