CODEWITHSUNDEEP
asp.net
Sanjay Sharma
Sanjay Sharma

Reputation: 11

Encrypt query string

Iam trying to send EmployeeId in another page using query string but I want to send it in encrypted format.

If anyone knows the answer, any help is a great help.

Upvotes: 1

Views: 679

Answers (3)

Daniel
Daniel

Reputation: 1406

You may or may not really need encryption, but assuming you do, you can do this in PHP using triple des (or whatever you want) like this:

// Init mcrypt stuff
$descriptor = mcrypt_module_open('tripledes', '', MCRYPT_MODE_ECB, '');
$key = substr(md5('put your secret here'), 0, mcrypt_enc_get_key_size($descriptor));
$vector = mcrypt_create_iv(mcrypt_enc_get_iv_size($descriptor), MCRYPT_RAND);
mcrypt_generic_init($descriptor, $key, $vector);

// Encrypt id
$encryptedEmployeeId = mcrypt_generic($descriptor, $_GET['EmployeeId']);

// Clean up mcrypt
mcrypt_generic_deinit($descriptor);
mcrypt_module_close($descriptor);

The reverse process is similar except using mdecrypt_generic(). Of course, I've made the assumption that you're using PHP :).

Upvotes: 0

Karel
Karel

Reputation: 2212

From http://www.infoexpediters.com/SecureQueryString.cs:

public string encrypt(string serializedQueryString)
    {
        byte[] buffer = Encoding.ASCII.GetBytes(serializedQueryString);
        TripleDESCryptoServiceProvider des = new TripleDESCryptoServiceProvider();
        MD5CryptoServiceProvider MD5 = new MD5CryptoServiceProvider();
        des.Key = MD5.ComputeHash(ASCIIEncoding.ASCII.GetBytes(cryptoKey));
        des.IV = IV;
        return Convert.ToBase64String(
            des.CreateEncryptor().TransformFinalBlock(
                buffer,
                0,
                buffer.Length
            )
        );
    }

    public string decrypt(string encryptedQueryString)
    {
        try
        {
            byte[] buffer = Convert.FromBase64String(encryptedQueryString);
            TripleDESCryptoServiceProvider des = new TripleDESCryptoServiceProvider();
            MD5CryptoServiceProvider MD5 = new MD5CryptoServiceProvider();
            des.Key = MD5.ComputeHash(ASCIIEncoding.ASCII.GetBytes(cryptoKey));
            des.IV = IV;
            return Encoding.ASCII.GetString(
                des.CreateDecryptor().TransformFinalBlock(
                    buffer,
                    0,
                    buffer.Length
                )
            );
        }
        catch (CryptographicException)
        {
            throw new InvalidQueryStringException();
        }
        catch (FormatException)
        {
            throw new InvalidQueryStringException();
        }
    }

Upvotes: 1

Aaron Gage
Aaron Gage

Reputation: 2403

Use a POST not a GET, that way it is not visible in the url. Implement some small encryption done on the POST body before sending, and decrypt upon receiving.

I assume you are using javascript on the pages? Provide more info on what languages you are using (php/python etc?) for something more specific (and code)

Upvotes: 0

Related Questions