perl-embperl mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ed Grimm ...@raytheon.com>
Subject RE: Passing encrypted base64 encoded value via href and then decode and decrypt on receiving page not working
Date Wed, 01 Feb 2017 12:31:29 GMT
Web servers will do a conversion of = to =3D and + to =2B in the <a href> portion.  If
your decode_base64 is not set to verbosely pedantic, it may silently truncate your encoded
cipher at that point.

I believe there's a standard alternate encoding for base64 for use with webpages, but I don't
recall it off-hand; it's been about a decade since I worked on that part of our webpages.

--
Ed Grimm
Identity Services

From: Donavon [mailto:donl@mycopanet.com]
Sent: Tuesday, January 31, 2017 5:49 PM
To: embperl@perl.apache.org
Subject: Passing encrypted base64 encoded value via href and then decode and decrypt on receiving
page not working


I am trying to do the following:

encode_json() -> $cipher->encrypt() -> encode_base64() -> <a href> ->
decode_base64() -> $cipher->decrypt() -> decode_json() -> Dumper()

It seems pretty straight forward but for some reason it is not working.

It breaks down at the $cipher->decrypt() part.

Any suggestions?  Could it be an embperl issue or perl issue?
Thank You,
~Donavon







temp.epl

[-

    use JSON; # imports encode_json, decode_json, to_json and from_json.



    use MIME::Base64;



    use Mycopa::Encrypt;

    $encrypt        = new Mycopa::Encrypt();





    # set up json

    %json                 = ();

    $json{TOR}            = time;



    # set up options

    %opts               = ();

    $opts{option1}      = "Option 1";

    $opts{option2}      = "Option 2";

    $opts{option3}      = "Option 3";

    push(@{ $json{opts} }, {%opts} );



    $json = encode_json(\%json);



    $escmode = 0;

    print OUT $json . "<br />";









    # encrypt

    $cipher = Crypt::CBC->new(

          -literal_key    => 1,

          -key            => "95A8EE8E89979B9EFDCBC6EB9797528D",

          -header         => 'none',

          -iv             => "1234567890abcdef",

          -cipher         => 'Crypt::OpenSSL::AES'

    );



    $plaintext = $cipher->encrypt($json);



    $escmode = 0;

    print OUT $plaintext . "<br />";





    # encode

    $plaintextbase64 = encode_base64($plaintext);



    # make URL friendly

    $plaintextbase64 =~ s/\+/-/g;

    $plaintextbase64 =~ s/\//_/g;

    $plaintextbase64 =~ s/=/,/g;

    $plaintextbase64 =~ s/\n//g;





    $escmode = 0;

    print OUT $plaintextbase64 . "<br />";



-]



<a href="temp1.epl?plaintextbase64=[+ $plaintextbase64 +]">Click Me!!!</a>







temp1.epl



[-

    use JSON; # imports encode_json, decode_json, to_json and from_json.



    use MIME::Base64;



    use Mycopa::Encrypt;

    $encrypt        = new Mycopa::Encrypt();



    $escmode = 0;

    print OUT $fdat{plaintextbase64} . "<br />";





    # decode

    $plaintextbase64 = decode_base64($fdat{plaintextbase64});



    $escmode = 0;

    print OUT $plaintextbase64 . "<br />";







    # decrypt

    $cipher = Crypt::CBC->new(

          -literal_key    => 1,

          -key            => "95A8EE8E89979B9EFDCBC6EB9797528D",

          -header         => 'none',

          -iv             => "1234567890abcdef",

          -cipher         => 'Crypt::OpenSSL::AES'

    );



    $plaintext = $cipher->decrypt($plaintextbase64);



    $escmode = 0;

    print OUT $plaintext . "<br />";





    $json = decode_json($plaintext);





    use Data::Dumper;

    $Data::Dumper::Sortkeys = 1;

    $escmode = 0;

    print OUT "<pre>";

    print OUT Dumper(\$json);

    print OUT "</pre>";









-]
Mime
View raw message